diff --git a/docs/index.yaml b/docs/index.yaml index bfe9b12..b3a43e2 100644 --- a/docs/index.yaml +++ b/docs/index.yaml @@ -3,7 +3,7 @@ entries: knative-serving: - apiVersion: v2 appVersion: 1.3.2 - created: "2023-09-22T18:37:06.127807+08:00" + created: "2023-09-23T18:45:37.65325+08:00" description: A Helm chart for Knative Serving on Kubernetes digest: 134c3b538f96c25862bf85e72e9bbf0fe12dc3497f1e7f47383ccb902a1abd56 keywords: @@ -22,7 +22,7 @@ entries: version: 1.3.2 - apiVersion: v2 appVersion: 1.0.1 - created: "2023-09-22T18:37:06.126423+08:00" + created: "2023-09-23T18:45:37.651213+08:00" description: A Helm chart for Knative Serving on Kubernetes digest: c3c6dd47616c498ffe87d94812c35a6423ef974fa65daddc22d196986e15284a keywords: @@ -41,7 +41,7 @@ entries: openfunction: - apiVersion: v2 appVersion: 1.2.0 - created: "2023-09-22T18:37:06.279303+08:00" + created: "2023-09-23T18:45:37.893457+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -68,7 +68,7 @@ entries: repository: file://contour version: 10.2.2 description: A Helm chart for OpenFunction on Kubernetes - digest: 200c54fcae037a08b19b77a094beab58ff91c86da7c31259ce87081c48ce08bd + digest: f30e28c34b209587a05a661ce9c9b636f32ac18c67c7cc8ce2923ddc015add40 keywords: - faas - Serverless @@ -86,7 +86,7 @@ entries: version: 0.7.0 - apiVersion: v2 appVersion: 1.2.0-rc.0 - created: "2023-09-22T18:37:06.26496+08:00" + created: "2023-09-23T18:45:37.86594+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -131,7 +131,7 @@ entries: version: 0.7.0-rc.0 - apiVersion: v2 appVersion: 1.1.1 - created: "2023-09-22T18:37:06.250949+08:00" + created: "2023-09-23T18:45:37.845913+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -176,7 +176,7 @@ entries: version: 0.6.1 - apiVersion: v2 appVersion: 1.1.0 - created: "2023-09-22T18:37:06.239079+08:00" + created: "2023-09-23T18:45:37.82856+08:00" dependencies: - condition: global.Dapr.enabled name: dapr 
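Review bot: The `@@ -68,7 +68,7 @@` hunk replaces the `digest` of the openfunction entry whose `version` stays `0.7.0`, and `docs/openfunction-v1.2.0-v0.7.0.tgz` is overwritten in the same commit, so an already listed chart version now resolves to different bytes. If 0.7.0 was already being served from this repository, anyone who pinned or cached the old digest (`200c54fc…`) will see a mismatch and cannot tell a legitimate repackaging from a tampered archive. Publish the changed chart under a new `version` in `Chart.yaml` and leave the 0.7.0 entry and its archive as they were. Every `created` timestamp in the file is also rewritten, which suggests the index was regenerated from scratch; `helm repo index --merge` keeps the existing entries unchanged.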
@@ -221,7 +221,7 @@ entries: version: 0.6.0 - apiVersion: v2 appVersion: 1.0.0 - created: "2023-09-22T18:37:06.227649+08:00" + created: "2023-09-23T18:45:37.812632+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -266,7 +266,7 @@ entries: version: 0.5.0 - apiVersion: v2 appVersion: 1.0.0-rc.0 - created: "2023-09-22T18:37:06.216095+08:00" + created: "2023-09-23T18:45:37.796909+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -311,7 +311,7 @@ entries: version: 0.5.0-rc.0 - apiVersion: v2 appVersion: 0.8.1 - created: "2023-09-22T18:37:06.205003+08:00" + created: "2023-09-23T18:45:37.779977+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -356,7 +356,7 @@ entries: version: 0.4.0 - apiVersion: v2 appVersion: 0.8.1-rc.0 - created: "2023-09-22T18:37:06.192978+08:00" + created: "2023-09-23T18:45:37.761659+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -401,7 +401,7 @@ entries: version: 0.4.0-rc.0 - apiVersion: v2 appVersion: 0.8.0 - created: "2023-09-22T18:37:06.181388+08:00" + created: "2023-09-23T18:45:37.740003+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -446,7 +446,7 @@ entries: version: 0.3.1 - apiVersion: v2 appVersion: 0.8.0 - created: "2023-09-22T18:37:06.170404+08:00" + created: "2023-09-23T18:45:37.718627+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -491,7 +491,7 @@ entries: version: 0.3.0 - apiVersion: v2 appVersion: 0.8.0-rc.0 - created: "2023-09-22T18:37:06.159678+08:00" + created: "2023-09-23T18:45:37.700434+08:00" dependencies: - condition: global.Dapr.enabled name: dapr @@ -536,7 +536,7 @@ entries: version: 0.3.0-rc.0 - apiVersion: v2 appVersion: 0.7.0 - created: "2023-09-22T18:37:06.148501+08:00" + created: "2023-09-23T18:45:37.683599+08:00" dependencies: - condition: global.Dapr.enabled name: dapr 
@@ -581,7 +581,7 @@ entries: version: 0.2.0 - apiVersion: v2 appVersion: 0.6.0 - created: "2023-09-22T18:37:06.136888+08:00" + created: "2023-09-23T18:45:37.666931+08:00" dependencies: - condition: Dapr.enabled name: dapr @@ -627,7 +627,7 @@ entries: shipwright-build: - apiVersion: v2 appVersion: 0.10.0 - created: "2023-09-22T18:37:06.281447+08:00" + created: "2023-09-23T18:45:37.89649+08:00" description: A Helm chart for Shipwright Build on Kubernetes digest: 06820ce8fe0088b3f95086ce38c5aff3069b691d2d5f1210e5bf77e9632a8611 keywords: @@ -648,7 +648,7 @@ entries: version: 0.10.0 - apiVersion: v2 appVersion: 0.6.1 - created: "2023-09-22T18:37:06.28227+08:00" + created: "2023-09-23T18:45:37.897529+08:00" description: A Helm chart for Shipwright Build on Kubernetes digest: 366ca24ad2651910695ac50e165be4fa7c8c635ec2aec5f53a6baca17f3efed0 keywords: @@ -669,7 +669,7 @@ entries: tekton-pipelines: - apiVersion: v2 appVersion: 0.37.2 - created: "2023-09-22T18:37:06.283429+08:00" + created: "2023-09-23T18:45:37.899074+08:00" description: A Helm chart for Tekton Pipelines on Kubernetes digest: 90fe5c147a410aa1c26812435704cbcf1891ce2446a8e5f8a3ff62449f736360 keywords: @@ -690,7 +690,7 @@ entries: version: 0.37.2 - apiVersion: v2 appVersion: 0.30.0 - created: "2023-09-22T18:37:06.28284+08:00" + created: "2023-09-23T18:45:37.898316+08:00" description: A Helm chart for Tekton Pipelines on Kubernetes digest: 4939ec89841370813aa5c00cea5db82733470fb165326d2b75c3f9324d170bac keywords: @@ -708,4 +708,4 @@ entries: urls: - https://openfunction.github.io/charts/tekton-pipelines-0.30.0.tgz version: 0.30.0 -generated: "2023-09-22T18:37:06.122203+08:00" +generated: "2023-09-23T18:45:37.64621+08:00" diff --git a/docs/openfunction-v1.2.0-v0.7.0.tgz b/docs/openfunction-v1.2.0-v0.7.0.tgz index e6ea683..e16f118 100644 Binary files a/docs/openfunction-v1.2.0-v0.7.0.tgz and b/docs/openfunction-v1.2.0-v0.7.0.tgz differ 
diff --git a/openfunction/crds/builder.yaml b/openfunction/crds/builder.yaml index bab4950..9ef22d2 100644 --- a/openfunction/crds/builder.yaml +++ b/openfunction/crds/builder.yaml 
@@ -40,93 +40,151 @@ spec: name: v1beta1 schema: openAPIV3Schema: + description: Builder is the Schema for the builders API properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: BuilderSpec defines the desired state of Builder properties: builder: + description: Builder refers to the image containing the build tools + inside which the source code would be built. type: string builderCredentials: + description: BuilderCredentials references a Secret that contains credentials + to access the builder image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic dockerfile: + description: Dockerfile is the path to the Dockerfile to be used for + build strategies that rely on the Dockerfile for building an image. type: string env: additionalProperties: type: string + description: Environment params to pass to the builder. type: object image: + description: Function image name type: string imageCredentials: + description: ImageCredentials references a Secret that contains credentials + to access the image repository. properties: name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic params: additionalProperties: type: string + description: Params is a list of key/value that could be used to set + strategy parameters. type: object port: + description: The port on which the function will be invoked format: int32 type: integer shipwright: + description: The configuration for `Shipwright` build engine. properties: strategy: + description: Strategy references the BuildStrategy to use to build + the image. properties: kind: + description: BuildStrategyKind indicates the kind of the build + strategy BuildStrategy or ClusterBuildStrategy, default to + BuildStrategy. type: string name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string required: - name type: object timeout: + description: Timeout defines the maximum amount of time the Build + should take to execute. format: duration type: string type: object srcRepo: + description: Git repository info of a function properties: bundleContainer: + description: BundleContainer properties: image: + description: Image reference, i.e. quay.io/org/image:tag type: string required: - image type: object credentials: + description: Credentials references a Secret that contains credentials + to access the repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic revision: + description: Git revision to check out (branch, tag, sha, ref…) + (default:"") type: string sourceSubPath: + description: A subpath within the `source` input where the source + to build is located. 
type: string url: + description: Git url to clone type: string type: object state: + description: State is used for canceling a buildrun (and maybe more + later on). type: string timeout: + description: Timeout defines the maximum amount of time the Build should + take to execute. type: string required: - image - srcRepo type: object status: + description: BuilderStatus defines the observed state of Builder properties: output: + description: Output holds the results emitted from step definition of + an output properties: digest: + description: Digest holds the digest of output image type: string size: + description: Size holds the compressed size of output image format: int64 type: integer type: object @@ -137,25 +195,42 @@ spec: resourceRef: additionalProperties: type: string + description: Associate resources. type: object sources: + description: Sources holds the results emitted from the step definition + of different sources items: + description: SourceResult holds the results emitted from the different + sources properties: bundle: + description: Bundle holds the results emitted from from the step + definition of bundle source properties: digest: + description: Digest hold the image digest result type: string type: object git: + description: Git holds the results emitted from from the step + definition of a git source properties: branchName: + description: BranchName holds the default branch name of the + git source this will be set only when revision is not specified + in Build object type: string commitAuthor: + description: CommitAuthor holds the commit author of a git + source type: string commitSha: + description: CommitSha holds the commit sha of git source type: string type: object name: + description: Name is the name of source type: string required: - name 
@@ -179,107 +254,177 @@ spec: - jsonPath: .status.reason name: Reason type: string + - jsonPath: .status.buildDuration + name: BuildDuration + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date name: v1beta2 schema: openAPIV3Schema: + description: Builder is the Schema for the builders API properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: BuilderSpec defines the desired state of Builder properties: builder: + description: Builder refers to the image containing the build tools + to build the source code. type: string builderCredentials: + description: BuilderCredentials references a Secret that contains credentials + to access the builder image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic builderMaxAge: + description: The duration to retain a completed builder, defaults to + 0 (forever). type: string dockerfile: + description: Dockerfile is the path to the Dockerfile used by build + strategies that rely on the Dockerfile to build an image. type: string env: additionalProperties: type: string + description: Environment variables to pass to the builder. 
type: object failedBuildsHistoryLimit: + description: The number of failed builds to retain, default is 1. format: int32 type: integer image: + description: Function image name type: string imageCredentials: + description: ImageCredentials references a Secret that contains credentials + to access the image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic shipwright: + description: The configuration for the `Shipwright` build engine. properties: params: + description: 'Params is a list of key/value that could be used to + set strategy parameters. When using _params_, users should avoid: + Defining a parameter name that doesn''t match one of the `spec.parameters` + defined in the `BuildStrategy`. Defining a parameter name that + collides with the Shipwright reserved parameters including BUILDER_IMAGE,DOCKERFILE,CONTEXT_DIR + and any name starting with shp-.' items: + description: ParamValue is a key/value that populates a strategy + parameter used in the execution of the strategy steps properties: configMapValue: + description: The ConfigMap value of the parameter properties: format: + description: An optional format to add pre- or suffix + to the object value. For example 'KEY=${SECRET_VALUE}' + or 'KEY=${CONFIGMAP_VALUE}' depending on the context. type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object name: + description: Name of the parameter type: string secretValue: + description: The secret value of the parameter properties: format: + description: An optional format to add pre- or suffix + to the object value. For example 'KEY=${SECRET_VALUE}' + or 'KEY=${CONFIGMAP_VALUE}' depending on the context. 
type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object value: + description: The value of the parameter type: string values: + description: Values of an array parameter items: + description: SingleValue is the value type contains the + properties for a value, this allows for an easy extension + in the future to support more kinds properties: configMapValue: + description: The ConfigMap value of the parameter properties: format: + description: An optional format to add pre- or suffix + to the object value. For example 'KEY=${SECRET_VALUE}' + or 'KEY=${CONFIGMAP_VALUE}' depending on the context. type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object secretValue: + description: The secret value of the parameter properties: format: + description: An optional format to add pre- or suffix + to the object value. For example 'KEY=${SECRET_VALUE}' + or 'KEY=${CONFIGMAP_VALUE}' depending on the context. type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object value: + description: The value of the parameter type: string type: object type: array 
@@ -288,59 +433,92 @@ spec: type: object type: array strategy: + description: Strategy references the BuildStrategy to use to build + the image. properties: kind: + description: BuildStrategyKind indicates the kind of the build + strategy BuildStrategy or ClusterBuildStrategy, default to + BuildStrategy. type: string name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string required: - name type: object timeout: + description: Timeout defines the maximum amount of time the Build + should take to execute. format: duration type: string type: object srcRepo: + description: Function Source code repository properties: bundleContainer: + description: BundleContainer properties: image: + description: Image reference, i.e. quay.io/org/image:tag type: string required: - image type: object credentials: + description: Credentials references a Secret that contains credentials + to access the repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic revision: + description: Git revision to check out (branch, tag, sha, ref…) + (default:"") type: string sourceSubPath: + description: A subpath within the `source` input where the source + to build is located. type: string url: + description: Git url to clone type: string type: object state: + description: State is used for canceling a buildrun (and maybe more + later on). type: string successfulBuildsHistoryLimit: + description: The number of successful builds to retain, default is 0. format: int32 type: integer timeout: + description: Timeout defines the maximum amount of time the Build should + take to execute. 
type: string required: - image - srcRepo type: object status: + description: BuilderStatus defines the observed state of Builder properties: + buildDuration: + type: string message: type: string output: + description: Output holds the results emitted from step definition of + an output properties: digest: + description: Digest holds the digest of output image type: string size: + description: Size holds the compressed size of output image format: int64 type: integer type: object @@ -351,25 +529,42 @@ spec: resourceRef: additionalProperties: type: string + description: Associate resources. type: object sources: + description: Sources holds the results emitted from the step definition + of different sources items: + description: SourceResult holds the results emitted from the different + sources properties: bundle: + description: Bundle holds the results emitted from from the step + definition of bundle source properties: digest: + description: Digest hold the image digest result type: string type: object git: + description: Git holds the results emitted from from the step + definition of a git source properties: branchName: + description: BranchName holds the default branch name of the + git source this will be set only when revision is not specified + in Build object type: string commitAuthor: + description: CommitAuthor holds the commit author of a git + source type: string commitSha: + description: CommitSha holds the commit sha of git source type: string type: object name: + description: Name is the name of source type: string required: - name diff --git a/openfunction/crds/clustereventbus.yaml b/openfunction/crds/clustereventbus.yaml index b3d680b..e552be3 100644 --- a/openfunction/crds/clustereventbus.yaml +++ b/openfunction/crds/clustereventbus.yaml 
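Review bot: `buildDuration` is added under `status` in the v1beta2 schema as a bare `type: string` with no `description`, while almost every other field this hunk touches gains one. The printer column added in the `@@ -179,107 +254,177 @@` hunk exposes the same field to `kubectl get`, so users will see it with no documentation. The description should state which interval is measured and what string format is used. If this file is generated from Go types, which the style of the descriptions suggests, the doc comment belongs on the status field there rather than in this YAML.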
@@ -1,176 +1,271 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: clustereventbus.events.openfunction.io + name: clustereventbuses.events.openfunction.io spec: group: events.openfunction.io names: kind: ClusterEventBus listKind: ClusterEventBusList - plural: clustereventbus + plural: clustereventbuses shortNames: - - ceb + - ceb singular: clustereventbus scope: Cluster versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - natsStreaming: - properties: - ackWaitTime: - type: string - consumerID: - type: string - deliverAll: - type: boolean - deliverNew: - type: boolean - durableSubscriptionName: - type: string - maxInFlight: - format: int64 - type: integer - natsStreamingClusterID: - type: string - natsURL: - type: string - scaleOption: - properties: - advanced: - properties: - horizontalPodAutoscalerConfig: - properties: - behavior: - properties: - scaleDown: - properties: - policies: - items: - properties: - periodSeconds: - format: int32 - type: integer - type: - type: string - value: - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - selectPolicy: - type: string - stabilizationWindowSeconds: - format: int32 - type: integer - type: object - scaleUp: - properties: - policies: - items: - properties: - periodSeconds: - format: int32 - type: integer - type: - type: string - value: - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - selectPolicy: - type: string - stabilizationWindowSeconds: - format: int32 - type: integer - type: object - type: object - type: object - restoreToOriginalReplicaCount: - type: boolean - type: object - authRef: - properties: - kind: - type: string - name: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterEventBus is the Schema for the 
clustereventbus API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EventBusSpec defines the desired state of EventBus and ClusterEventBus + properties: + natsStreaming: + description: Use Nats streaming as the default backend for event bus + properties: + ackWaitTime: + type: string + consumerID: + type: string + deliverAll: + type: boolean + deliverNew: + type: boolean + durableSubscriptionName: + type: string + maxInFlight: + format: int64 + type: integer + natsStreamingClusterID: + type: string + natsURL: + type: string + scaleOption: + properties: + advanced: + description: AdvancedConfig specifies advance scaling options + properties: + horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies horizontal + scale config + properties: + behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the target in both Up and + Down directions (scaleUp and scaleDown fields respectively). + properties: + scaleDown: + description: scaleDown is scaling policy for scaling + Down. If not set, the default value is to allow + to scale down to minReplicas pods, with a 300 + second stabilization window (i.e., the highest + recommendation for the last 300sec is used). 
+ properties: + policies: + description: policies is a list of potential + scaling polices which can be used during scaling. + At least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies the + window of time for which the policy + should hold true. PeriodSeconds must + be greater than zero and less than or + equal to 1800 (30 min). + format: int32 + type: integer + type: + description: Type is used to specify the + scaling policy. + type: string + value: + description: Value contains the amount + of change which is permitted by the + policy. It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, the + default value Max is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is + the number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the + stabilization window is 300 seconds long).' + format: int32 + type: integer + type: object + scaleUp: + description: 'scaleUp is scaling policy for scaling + Up. If not set, the default value is the higher + of: * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds No + stabilization is used.' + properties: + policies: + description: policies is a list of potential + scaling polices which can be used during scaling. 
+ At least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies the + window of time for which the policy + should hold true. PeriodSeconds must + be greater than zero and less than or + equal to 1800 (30 min). + format: int32 + type: integer + type: + description: Type is used to specify the + scaling policy. + type: string + value: + description: Value contains the amount + of change which is permitted by the + policy. It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, the + default value Max is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is + the number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the + stabilization window is 300 seconds long).' + format: int32 + type: integer + type: object + type: object + name: + type: string + type: object + restoreToOriginalReplicaCount: + type: boolean + type: object + authRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used to authenticate + the scaler with the environment + properties: + kind: + description: Kind of the resource being referred to. Defaults + to TriggerAuthentication. 
+ type: string + name: + type: string + required: + - name + type: object + cooldownPeriod: + format: int32 + type: integer + durableName: + type: string + lagThreshold: + type: string + maxReplicaCount: + format: int32 + type: integer + metadata: + additionalProperties: type: string - required: - - name - type: object - cooldownPeriod: - format: int32 - type: integer - durableName: - type: string - lagThreshold: - type: string - maxReplicaCount: - format: int32 - type: integer - metadata: - additionalProperties: + type: object + minReplicaCount: + format: int32 + type: integer + natsServerMonitoringEndpoint: + type: string + pollingInterval: + format: int32 + type: integer + queueGroup: + type: string + subject: type: string - type: object - minReplicaCount: - format: int32 - type: integer - natsServerMonitoringEndpoint: - type: string - pollingInterval: - format: int32 - type: integer - queueGroup: - type: string - subject: - type: string - required: - - lagThreshold - - natsServerMonitoringEndpoint - type: object - startAtSequence: - format: int64 - type: integer - startAtTime: - type: string - startAtTimeDelta: - type: string - startAtTimeFormat: - type: string - startWithLastReceived: - type: boolean - subscriptionType: - type: string - required: - - durableSubscriptionName - - natsStreamingClusterID - - natsURL - - subscriptionType - type: object - topic: - type: string - type: object - type: object - served: true - storage: true + required: + - lagThreshold + - natsServerMonitoringEndpoint + type: object + startAtSequence: + format: int64 + type: integer + startAtTime: + type: string + startAtTimeDelta: + type: string + startAtTimeFormat: + type: string + startWithLastReceived: + type: boolean + subscriptionType: + type: string + required: + - durableSubscriptionName + - natsStreamingClusterID + - natsURL + - subscriptionType + type: object + topic: + description: Topic indicates the name of the message channel of eventbus + If not specified, "default" will 
be used as the name of the message + channel + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" diff --git a/openfunction/crds/eventbus.yaml b/openfunction/crds/eventbus.yaml index 6ac855a..688dff5 100644 --- a/openfunction/crds/eventbus.yaml +++ b/openfunction/crds/eventbus.yaml 
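Review bot: Changing `metadata.name` to `clustereventbuses.events.openfunction.io` and `plural` to `clustereventbuses` creates a new CRD rather than updating the old one, because a CRD's name is `<plural>.<group>`. Helm does not upgrade or delete CRDs shipped in `crds/`, so on an existing cluster the old `clustereventbus.events.openfunction.io` CRD and its objects stay behind, and nothing migrates them to the new resource. Any RBAC rule or admission policy written against the old resource name (none is visible in this diff) would no longer match the renamed resource and should be checked. The `eventbus` to `eventbuses` rename in `openfunction/crds/eventbus.yaml` has the same effect. The upgrade notes should spell out the migration and the removal of the old CRDs, and a header comment such as `# plural renamed from clustereventbus; the old CRD is not removed by helm upgrade` would record it in the file.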
@@ -1,176 +1,271 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: eventbus.events.openfunction.io + name: eventbuses.events.openfunction.io spec: group: events.openfunction.io names: kind: EventBus listKind: EventBusList - plural: eventbus + plural: eventbuses shortNames: - - eb + - eb singular: eventbus scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - natsStreaming: - properties: - ackWaitTime: - type: string - consumerID: - type: string - deliverAll: - type: boolean - deliverNew: - type: boolean - durableSubscriptionName: - type: string - maxInFlight: - format: int64 - type: integer - natsStreamingClusterID: - type: string - natsURL: - type: string - scaleOption: - properties: - advanced: - properties: - horizontalPodAutoscalerConfig: - properties: - behavior: - properties: - scaleDown: - properties: - policies: - items: - properties: - periodSeconds: - format: int32 - type: integer - type: - type: string - value: - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - selectPolicy: - type: string - stabilizationWindowSeconds: - format: int32 - type: integer - type: object - scaleUp: - properties: - policies: - items: - properties: - periodSeconds: - format: int32 - type: integer - type: - type: string - value: - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - selectPolicy: - type: string - stabilizationWindowSeconds: - format: int32 - type: integer - type: object - type: object - type: object - restoreToOriginalReplicaCount: - type: boolean - type: object - authRef: - properties: - kind: - type: string - name: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EventBus is the Schema for the eventbus API + properties: + apiVersion: + description: 
'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EventBusSpec defines the desired state of EventBus and ClusterEventBus + properties: + natsStreaming: + description: Use Nats streaming as the default backend for event bus + properties: + ackWaitTime: + type: string + consumerID: + type: string + deliverAll: + type: boolean + deliverNew: + type: boolean + durableSubscriptionName: + type: string + maxInFlight: + format: int64 + type: integer + natsStreamingClusterID: + type: string + natsURL: + type: string + scaleOption: + properties: + advanced: + description: AdvancedConfig specifies advance scaling options + properties: + horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies horizontal + scale config + properties: + behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the target in both Up and + Down directions (scaleUp and scaleDown fields respectively). + properties: + scaleDown: + description: scaleDown is scaling policy for scaling + Down. If not set, the default value is to allow + to scale down to minReplicas pods, with a 300 + second stabilization window (i.e., the highest + recommendation for the last 300sec is used). + properties: + policies: + description: policies is a list of potential + scaling polices which can be used during scaling. 
+ At least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies the + window of time for which the policy + should hold true. PeriodSeconds must + be greater than zero and less than or + equal to 1800 (30 min). + format: int32 + type: integer + type: + description: Type is used to specify the + scaling policy. + type: string + value: + description: Value contains the amount + of change which is permitted by the + policy. It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, the + default value Max is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is + the number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the + stabilization window is 300 seconds long).' + format: int32 + type: integer + type: object + scaleUp: + description: 'scaleUp is scaling policy for scaling + Up. If not set, the default value is the higher + of: * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds No + stabilization is used.' + properties: + policies: + description: policies is a list of potential + scaling polices which can be used during scaling. 
+ At least one policy must be specified, otherwise + the HPAScalingRules will be discarded as invalid + items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies the + window of time for which the policy + should hold true. PeriodSeconds must + be greater than zero and less than or + equal to 1800 (30 min). + format: int32 + type: integer + type: + description: Type is used to specify the + scaling policy. + type: string + value: + description: Value contains the amount + of change which is permitted by the + policy. It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, the + default value Max is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is + the number of seconds for which past recommendations + should be considered while scaling up or scaling + down. StabilizationWindowSeconds must be greater + than or equal to zero and less than or equal + to 3600 (one hour). If not set, use the default + values: - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. the + stabilization window is 300 seconds long).' + format: int32 + type: integer + type: object + type: object + name: + type: string + type: object + restoreToOriginalReplicaCount: + type: boolean + type: object + authRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used to authenticate + the scaler with the environment + properties: + kind: + description: Kind of the resource being referred to. Defaults + to TriggerAuthentication. 
+ type: string + name: + type: string + required: + - name + type: object + cooldownPeriod: + format: int32 + type: integer + durableName: + type: string + lagThreshold: + type: string + maxReplicaCount: + format: int32 + type: integer + metadata: + additionalProperties: type: string - required: - - name - type: object - cooldownPeriod: - format: int32 - type: integer - durableName: - type: string - lagThreshold: - type: string - maxReplicaCount: - format: int32 - type: integer - metadata: - additionalProperties: + type: object + minReplicaCount: + format: int32 + type: integer + natsServerMonitoringEndpoint: + type: string + pollingInterval: + format: int32 + type: integer + queueGroup: + type: string + subject: type: string - type: object - minReplicaCount: - format: int32 - type: integer - natsServerMonitoringEndpoint: - type: string - pollingInterval: - format: int32 - type: integer - queueGroup: - type: string - subject: - type: string - required: - - lagThreshold - - natsServerMonitoringEndpoint - type: object - startAtSequence: - format: int64 - type: integer - startAtTime: - type: string - startAtTimeDelta: - type: string - startAtTimeFormat: - type: string - startWithLastReceived: - type: boolean - subscriptionType: - type: string - required: - - durableSubscriptionName - - natsStreamingClusterID - - natsURL - - subscriptionType - type: object - topic: - type: string - type: object - type: object - served: true - storage: true + required: + - lagThreshold + - natsServerMonitoringEndpoint + type: object + startAtSequence: + format: int64 + type: integer + startAtTime: + type: string + startAtTimeDelta: + type: string + startAtTimeFormat: + type: string + startWithLastReceived: + type: boolean + subscriptionType: + type: string + required: + - durableSubscriptionName + - natsStreamingClusterID + - natsURL + - subscriptionType + type: object + topic: + description: Topic indicates the name of the message channel of eventbus + If not specified, "default" will 
be used as the name of the message + channel + type: string + type: object + type: object + served: true + storage: true status: acceptedNames: kind: "" diff --git a/openfunction/crds/eventsource.yaml b/openfunction/crds/eventsource.yaml index a051f86..0009a8e 100644 --- a/openfunction/crds/eventsource.yaml +++ b/openfunction/crds/eventsource.yaml 
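Review bot: Renaming `metadata.name` to `eventbuses.events.openfunction.io` and `plural` to `eventbuses` makes this a different CRD object rather than an update of the installed one, and nothing in the hunk covers clusters that already have `eventbus.events.openfunction.io`. The new definition claims the same `kind`, `singular` and short name `eb` in the same group, so it will likely not be accepted while the old CRD exists, and deleting the old CRD also deletes its EventBus objects. Helm does not upgrade or remove files under a chart's `crds/` directory, so an upgraded release would presumably keep the old resource name, which RBAC rules and controllers written for `eventbuses` would not match. I would document the migration in the upgrade notes and add a comment above the name, e.g. `# renamed from eventbus.events.openfunction.io; back up EventBus objects and replace the CRD manually on upgrade`.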
@@ -9,377 +9,551 @@ spec: listKind: EventSourceList plural: eventsources shortNames: - - es + - es singular: eventsource scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.eventBus - name: EventBus - type: string - - jsonPath: .spec.sink.uri - name: Sink - type: string - - jsonPath: .status.conditions[-1].type - name: Status - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - build: - properties: - builder: - type: string - builderCredentials: - properties: - name: - type: string - type: object - builderMaxAge: - type: string - dockerfile: - type: string - env: - additionalProperties: + - additionalPrinterColumns: + - jsonPath: .spec.eventBus + name: EventBus + type: string + - jsonPath: .spec.sink.uri + name: Sink + type: string + - jsonPath: .status.conditions[-1].type + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: EventSource is the Schema for the eventsources API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EventSourceSpec defines the desired state of EventSource + properties: + build: + description: Information needed to build a function. 
The build step + will be skipped if Build is nil. + properties: + builder: + description: Builder refers to the image containing the build tools + to build the source code. type: string - type: object - failedBuildsHistoryLimit: - format: int32 - type: integer - params: - additionalProperties: + builderCredentials: + description: BuilderCredentials references a Secret that contains + credentials to access the builder image repository. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + builderMaxAge: + description: The duration to retain a completed builder, defaults + to 0 (forever). + type: string + dockerfile: + description: Dockerfile is the path to the Dockerfile used by build + strategies that rely on the Dockerfile to build an image. + type: string + env: + additionalProperties: + type: string + description: Environment variables to pass to the builder. + type: object + failedBuildsHistoryLimit: + description: The number of failed builds to retain, default is 1. + format: int32 + type: integer + params: + additionalProperties: + type: string + description: 'Params is a list of key/value that could be used to + set strategy parameters. When using _params_, users should avoid: + Defining a parameter name that doesn''t match one of the `spec.parameters` + defined in the `BuildStrategy`. Defining a parameter name that + collides with the Shipwright reserved parameters including BUILDER_IMAGE,DOCKERFILE,CONTEXT_DIR + and any name starting with shp-.' + type: object + shipwright: + description: The configuration for the `Shipwright` build engine. + properties: + strategy: + description: Strategy references the BuildStrategy to use to + build the image. 
+ properties: + kind: + description: BuildStrategyKind indicates the kind of the + build strategy BuildStrategy or ClusterBuildStrategy, + default to BuildStrategy. + type: string + name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' + type: string + required: + - name + type: object + timeout: + description: Timeout defines the maximum amount of time the + Build should take to execute. + format: duration + type: string + type: object + srcRepo: + description: Function Source code repository + properties: + bundleContainer: + description: BundleContainer + properties: + image: + description: Image reference, i.e. quay.io/org/image:tag + type: string + required: + - image + type: object + credentials: + description: Credentials references a Secret that contains credentials + to access the repository. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + revision: + description: Git revision to check out (branch, tag, sha, ref…) + (default:"") + type: string + sourceSubPath: + description: A subpath within the `source` input where the source + to build is located. + type: string + url: + description: Git url to clone + type: string + type: object + successfulBuildsHistoryLimit: + description: The number of successful builds to retain, default + is 0. + format: int32 + type: integer + timeout: + description: Timeout defines the maximum amount of time the Build + should take to execute. 
type: string + required: + - srcRepo + type: object + cron: + additionalProperties: + properties: + schedule: + type: string + required: + - schedule type: object - shipwright: + description: Cron event source, the Key is used to refer to the name + of the event + type: object + eventBus: + description: EventBus allows you to specify a specific EventBus to be + used instead of the "default" one + type: string + kafka: + additionalProperties: properties: - strategy: + authRequired: + type: boolean + brokers: + type: string + maxMessageBytes: + format: int64 + type: integer + saslPassword: + type: string + saslUsername: + type: string + scaleOption: properties: - kind: + advanced: + description: AdvancedConfig specifies advance scaling options + properties: + horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies horizontal + scale config + properties: + behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the target in both Up and + Down directions (scaleUp and scaleDown fields respectively). + properties: + scaleDown: + description: scaleDown is scaling policy for scaling + Down. If not set, the default value is to allow + to scale down to minReplicas pods, with a 300 + second stabilization window (i.e., the highest + recommendation for the last 300sec is used). + properties: + policies: + description: policies is a list of potential + scaling polices which can be used during + scaling. At least one policy must be specified, + otherwise the HPAScalingRules will be discarded + as invalid + items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies + the window of time for which the policy + should hold true. PeriodSeconds must + be greater than zero and less than + or equal to 1800 (30 min). 
+ format: int32 + type: integer + type: + description: Type is used to specify + the scaling policy. + type: string + value: + description: Value contains the amount + of change which is permitted by the + policy. It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, + the default value Max is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is + the number of seconds for which past recommendations + should be considered while scaling up or + scaling down. StabilizationWindowSeconds + must be greater than or equal to zero and + less than or equal to 3600 (one hour). If + not set, use the default values: - For scale + up: 0 (i.e. no stabilization is done). - + For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' + format: int32 + type: integer + type: object + scaleUp: + description: 'scaleUp is scaling policy for scaling + Up. If not set, the default value is the higher + of: * increase no more than 4 pods per 60 seconds + * double the number of pods per 60 seconds No + stabilization is used.' + properties: + policies: + description: policies is a list of potential + scaling polices which can be used during + scaling. At least one policy must be specified, + otherwise the HPAScalingRules will be discarded + as invalid + items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. + properties: + periodSeconds: + description: PeriodSeconds specifies + the window of time for which the policy + should hold true. PeriodSeconds must + be greater than zero and less than + or equal to 1800 (30 min). + format: int32 + type: integer + type: + description: Type is used to specify + the scaling policy. 
+ type: string + value: + description: Value contains the amount + of change which is permitted by the + policy. It must be greater than zero + format: int32 + type: integer + required: + - periodSeconds + - type + - value + type: object + type: array + x-kubernetes-list-type: atomic + selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, + the default value Max is used. + type: string + stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds is + the number of seconds for which past recommendations + should be considered while scaling up or + scaling down. StabilizationWindowSeconds + must be greater than or equal to zero and + less than or equal to 3600 (one hour). If + not set, use the default values: - For scale + up: 0 (i.e. no stabilization is done). - + For scale down: 300 (i.e. the stabilization + window is 300 seconds long).' + format: int32 + type: integer + type: object + type: object + name: + type: string + type: object + restoreToOriginalReplicaCount: + type: boolean + type: object + authRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used to authenticate + the scaler with the environment + properties: + kind: + description: Kind of the resource being referred to. Defaults + to TriggerAuthentication. 
+ type: string + name: + type: string + required: + - name + type: object + consumerGroup: type: string - name: + cooldownPeriod: + format: int32 + type: integer + lagThreshold: + type: string + maxReplicaCount: + format: int32 + type: integer + metadata: + additionalProperties: + type: string + type: object + minReplicaCount: + format: int32 + type: integer + pollingInterval: + format: int32 + type: integer + topic: type: string required: - - name + - lagThreshold type: object - timeout: - format: duration + topic: type: string + required: + - authRequired + - brokers type: object - srcRepo: + description: Kafka event source, the Key is used to refer to the name + of the event + type: object + logLevel: + description: The logging level of the event source handler, e.g. "1", + "2", "3". The level increases as the value increases, default is "1". + type: string + mqtt: + additionalProperties: properties: - credentials: - properties: - name: - type: string - type: object - revision: + caCert: + type: string + cleanSession: + type: boolean + clientCert: + type: string + clientKey: type: string - sourceSubPath: + consumerID: + type: string + qos: + format: int64 + type: integer + retain: + type: boolean + topic: type: string url: type: string required: - - url + - topic + - url type: object - successfulBuildsHistoryLimit: - format: int32 - type: integer - timeout: - type: string - required: - - srcRepo - type: object - cron: - additionalProperties: - properties: - schedule: - type: string - required: - - schedule + description: Mqtt event source, the Key is used to refer to the name + of the event + type: object + redis: + additionalProperties: + properties: + dialTimeout: + type: string + enableTLS: + type: boolean + failover: + type: boolean + idleCheckFrequency: + type: string + idleTimeout: + type: string + maxConnAge: + type: string + minIdleConns: + format: int64 + type: integer + poolSize: + format: int64 + type: integer + poolTimeout: + type: string + 
processingTimeout: + type: string + readTimeout: + type: string + redeliverInterval: + type: string + redisDB: + format: int64 + type: integer + redisHost: + type: string + redisMaxRetries: + format: int64 + type: integer + redisMaxRetryInterval: + type: string + redisMinRetryInterval: + type: string + redisPassword: + type: string + redisType: + type: string + sentinelMasterName: + type: string + writeTimeout: + type: string + required: + - redisHost + - redisPassword + type: object + description: Redis event source, the Key is used to refer to the name + of the event type: object - type: object - eventBus: - type: string - kafka: - additionalProperties: + sink: + description: Sink is a callable address, such as Knative Service properties: - authRequired: - type: boolean - brokers: - type: string - maxMessageBytes: - format: int64 - type: integer - saslPassword: - type: string - saslUsername: - type: string - scaleOption: + ref: properties: - advanced: - properties: - horizontalPodAutoscalerConfig: - properties: - behavior: - properties: - scaleDown: - properties: - policies: - items: - properties: - periodSeconds: - format: int32 - type: integer - type: - type: string - value: - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - selectPolicy: - type: string - stabilizationWindowSeconds: - format: int32 - type: integer - type: object - scaleUp: - properties: - policies: - items: - properties: - periodSeconds: - format: int32 - type: integer - type: - type: string - value: - format: int32 - type: integer - required: - - periodSeconds - - type - - value - type: object - type: array - selectPolicy: - type: string - stabilizationWindowSeconds: - format: int32 - type: integer - type: object - type: object - type: object - restoreToOriginalReplicaCount: - type: boolean - type: object - authRef: - properties: - kind: - type: string - name: - type: string - required: - - name - type: object - consumerGroup: + 
apiVersion: + description: API version of the referent. type: string - cooldownPeriod: - format: int32 - type: integer - lagThreshold: + kind: + description: Kind of the referent. type: string - maxReplicaCount: - format: int32 - type: integer - metadata: - additionalProperties: - type: string - type: object - minReplicaCount: - format: int32 - type: integer - pollingInterval: - format: int32 - type: integer - topic: + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent. type: string required: - - lagThreshold + - apiVersion + - kind + - name type: object - topic: - type: string - required: - - authRequired - - brokers - type: object - type: object - logLevel: - type: string - mqtt: - additionalProperties: - properties: - caCert: - type: string - cleanSession: - type: boolean - clientCert: - type: string - clientKey: - type: string - consumerID: + uri: type: string - qos: - format: int64 - type: integer - retain: - type: boolean - topic: - type: string - url: - type: string - required: - - topic - - url type: object - type: object - redis: - additionalProperties: - properties: - dialTimeout: - type: string - enableTLS: - type: boolean - failover: - type: boolean - idleCheckFrequency: - type: string - idleTimeout: - type: string - maxConnAge: - type: string - minIdleConns: - format: int64 - type: integer - poolSize: - format: int64 - type: integer - poolTimeout: - type: string - processingTimeout: - type: string - readTimeout: - type: string - redeliverInterval: - type: string - redisDB: - format: int64 - type: integer - redisHost: - type: string - redisMaxRetries: - format: int64 - type: integer - redisMaxRetryInterval: - type: string - redisMinRetryInterval: - type: string - redisPassword: - type: string - redisType: - type: string - sentinelMasterName: - type: string - writeTimeout: - type: string - required: - - redisHost - - redisPassword - type: object - type: object - sink: - properties: - ref: + 
type: object + status: + description: EventSourceStatus defines the observed state of EventSource + properties: + conditions: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + items: properties: - apiVersion: + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + enum: + - EventSourceFunctionCreated + - ErrorCreatingEventSource + - ErrorCreatingEventSourceFunction + - EventSourceIsReady + - ErrorConfiguration + - ErrorToFindExistEventBus + - ErrorGenerateComponent + - ErrorGenerateScaledObject + - PendingCreation + - ErrorToFindTriggerSubscribers + - ErrorCreatingTrigger + - TriggerIsReady + - ErrorCreatingTriggerFunction + - TriggerFunctionCreated type: string - kind: + status: + description: Status of the condition, one of True, False, Unknown. type: string - name: + timestamp: + description: Timestamp of the condition type: string - namespace: + type: + description: Type of condition + enum: + - Created + - Error + - Pending + - Unknown + - Terminating + - Terminated + - Ready type: string required: - - apiVersion - - kind - - name + - status + - type type: object - uri: - type: string - type: object - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - enum: - - EventSourceFunctionCreated - - ErrorCreatingEventSource - - ErrorCreatingEventSourceFunction - - EventSourceIsReady - - ErrorConfiguration - - ErrorToFindExistEventBus - - ErrorGenerateComponent - - ErrorGenerateScaledObject - - PendingCreation - - ErrorToFindTriggerSubscribers - - ErrorCreatingTrigger - - TriggerIsReady - - ErrorCreatingTriggerFunction - - TriggerFunctionCreated - type: string - status: - type: string - timestamp: - type: string - type: - enum: - - Created - - Error - - Pending - - Unknown - - 
Terminating - - Terminated - - Ready - type: string - required: - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/openfunction/crds/function.yaml b/openfunction/crds/function.yaml index 28c8ead..75e8d55 100644 --- a/openfunction/crds/function.yaml +++ b/openfunction/crds/function.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: functions.core.openfunction.io + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 spec: conversion: strategy: Webhook 
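Review bot: `redisPassword` (required under `redis`), `saslPassword` under `kafka` and `clientKey` under `mqtt` are still plain `type: string` fields in the new schema, so these credentials sit in clear text in every EventSource object and are returned to anyone allowed to read `eventsources`. The same schema already points to a Secret by name for `builderCredentials` and `srcRepo.credentials`, and the connector credentials would be better modelled the same way. This regeneration adds descriptions to most other fields but none to these; until the types change they should at least carry one, e.g. `description: Redis password, stored in clear text in this object; restrict get/list on eventsources`. The file appears to be controller-gen output, so the wording would belong in the Go type comments rather than in this YAML.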
@@ -46,102 +48,172 @@ spec: name: v1beta1 schema: openAPIV3Schema: + description: Function is the Schema for the functions API properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: FunctionSpec defines the desired state of Function properties: build: + description: Information needed to build a function. The build step + will be skipped if Build is nil. properties: builder: + description: Builder refers to the image containing the build tools + to build the source code. type: string builderCredentials: + description: BuilderCredentials references a Secret that contains + credentials to access the builder image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic builderMaxAge: + description: The duration to retain a completed builder, defaults + to 0 (forever). type: string dockerfile: + description: Dockerfile is the path to the Dockerfile used by build + strategies that rely on the Dockerfile to build an image. type: string env: additionalProperties: type: string + description: Environment variables to pass to the builder. 
type: object failedBuildsHistoryLimit: + description: The number of failed builds to retain, default is 1. format: int32 type: integer params: additionalProperties: type: string + description: 'Params is a list of key/value that could be used to + set strategy parameters. When using _params_, users should avoid: + Defining a parameter name that doesn''t match one of the `spec.parameters` + defined in the `BuildStrategy`. Defining a parameter name that + collides with the Shipwright reserved parameters including BUILDER_IMAGE,DOCKERFILE,CONTEXT_DIR + and any name starting with shp-.' type: object shipwright: + description: The configuration for the `Shipwright` build engine. properties: strategy: + description: Strategy references the BuildStrategy to use to + build the image. properties: kind: + description: BuildStrategyKind indicates the kind of the + build strategy BuildStrategy or ClusterBuildStrategy, + default to BuildStrategy. type: string name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string required: - name type: object timeout: + description: Timeout defines the maximum amount of time the + Build should take to execute. format: duration type: string type: object srcRepo: + description: Function Source code repository properties: bundleContainer: + description: BundleContainer properties: image: + description: Image reference, i.e. quay.io/org/image:tag type: string required: - image type: object credentials: + description: Credentials references a Secret that contains credentials + to access the repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' 
type: string type: object + x-kubernetes-map-type: atomic revision: + description: Git revision to check out (branch, tag, sha, ref…) + (default:"") type: string sourceSubPath: + description: A subpath within the `source` input where the source + to build is located. type: string url: + description: Git url to clone type: string type: object successfulBuildsHistoryLimit: + description: The number of successful builds to retain, default + is 0. format: int32 type: integer timeout: + description: Timeout defines the maximum amount of time the Build + should take to execute. type: string required: - srcRepo type: object image: + description: Function image name type: string imageCredentials: + description: ImageCredentials references a Secret that contains credentials + to access the image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic port: + description: The port on which the function will be invoked format: int32 type: integer route: + description: Information needed to make HTTPRoute. Will attempt to make + HTTPRoute using the default Gateway resource if Route is nil. properties: gatewayRef: + description: GatewayRef references the Gateway resources that a + Route wants to be attached to. properties: name: + description: Name is the name of the referent. It refers to + the name of a Gateway resource. maxLength: 253 minLength: 1 type: string namespace: + description: Namespace is the namespace of the referent. When + unspecified, this refers to the local namespace of the Route. maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 
@@ -151,7 +223,22 @@ spec: - namespace type: object hostnames: + description: Hostnames defines a set of hostname that should match + against the HTTP Host header to select a HTTPRoute to process + the request. items: + description: "Hostname is the fully qualified domain name of a + network host. This matches the RFC 1123 definition of a hostname + with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname + may be prefixed with a wildcard label (`*.`). The wildcard label + must appear by itself as the first label. \n Hostname can be + \"precise\" which is a domain name without the terminating dot + of a network host (e.g. \"foo.example.com\") or \"wildcard\", + which is a domain name prefixed with a single wildcard label + (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric characters + or '-', and must start and end with an alphanumeric character. + No other punctuation is allowed." maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 
@@ -159,26 +246,66 @@ spec: maxItems: 16 type: array rules: + description: Rules are a list of HTTP matchers, filters and actions. items: + description: HTTPRouteRule defines semantics for matching an HTTP + request based on conditions (matches), processing it (filters), + and forwarding the request to an API object (backendRefs). properties: backendRefs: + description: "If unspecified or invalid (refers to a non-existent + resource or a Service with no endpoints), the rule performs + no forwarding. If there are also no filters specified that + would result in a response being sent, a HTTP 503 status + code is returned. 503 responses must be sent so that the + overall weight is respected; if an invalid backend is requested + to have 80% of requests, then 80% of requests must get a + 503 instead. \n Support: Core for Kubernetes Service Support: + Custom for any other resource \n Support for weight: Core" items: + description: HTTPBackendRef defines how a HTTPRoute should + forward an HTTP request. properties: filters: + description: "Filters defined at this level should be + executed if and only if the request is being forwarded + to the backend defined here. \n Support: Custom (For + broader support of filters, use the Filters field + in HTTPRouteRule.)" items: + description: HTTPRouteFilter defines processing steps + that must be completed during the request or response + lifecycle. HTTPRouteFilters are meant as an extension + point to express processing that may be done in + Gateway implementations. Some examples include request + or response modification, implementing authentication + strategies, rate-limiting, and traffic shaping. + API guarantee/conformance is defined based on the + type of the filter. properties: extensionRef: + description: "ExtensionRef is an optional, implementation-specific + extension to the \"filter\" behavior. For example, + resource \"myroutefilter\" in group \"networking.example.net\"). 
+ ExtensionRef MUST NOT be used for core and extended + filters. \n Support: Implementation-specific" properties: group: + description: Group is the group of the referent. + For example, "networking.k8s.io". When unspecified + (empty string), core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is kind of the referent. + For example "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string @@ -188,16 +315,43 @@ spec: - name type: object requestHeaderModifier: + description: "RequestHeaderModifier defines a + schema for a filter that modifies request headers. + \n Support: Core" properties: add: + description: "Add adds the given header(s) + (name, value) to the request before the + action. It appends to any existing values + associated with the header name. \n Input: + GET /foo HTTP/1.1 my-header: foo \n Config: + add: - name: \"my-header\" value: \"bar\" + \n Output: GET /foo HTTP/1.1 my-header: + foo my-header: bar" items: + description: HTTPHeader represents an HTTP + Header name and value as defined by RFC + 7230. properties: name: + description: "Name is the name of the + HTTP Header to be matched. Name matching + MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, the first entry with + an equivalent name MUST be considered + for a match. Subsequent entries with + an equivalent header name MUST be + ignored. Due to the case-insensitivity + of header names, \"foo\" and \"Foo\" + are considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value of HTTP + Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -211,19 +365,51 @@ spec: - name x-kubernetes-list-type: map remove: + description: "Remove the given header(s) from + the HTTP request before the action. The + value of Remove is a list of HTTP header + names. Note that the header names are case-insensitive + (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + \n Input: GET /foo HTTP/1.1 my-header1: + foo my-header2: bar my-header3: baz \n Config: + remove: [\"my-header1\", \"my-header3\"] + \n Output: GET /foo HTTP/1.1 my-header2: + bar" items: type: string maxItems: 16 type: array set: + description: "Set overwrites the request with + the given header (name, value) before the + action. \n Input: GET /foo HTTP/1.1 my-header: + foo \n Config: set: - name: \"my-header\" + value: \"bar\" \n Output: GET /foo HTTP/1.1 + my-header: bar" items: + description: HTTPHeader represents an HTTP + Header name and value as defined by RFC + 7230. properties: name: + description: "Name is the name of the + HTTP Header to be matched. Name matching + MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, the first entry with + an equivalent name MUST be considered + for a match. Subsequent entries with + an equivalent header name MUST be + ignored. Due to the case-insensitivity + of header names, \"foo\" and \"Foo\" + are considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value of HTTP + Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -238,30 +424,77 @@ spec: x-kubernetes-list-type: map type: object requestMirror: + description: "RequestMirror defines a schema for + a filter that mirrors requests. Requests are + sent to the specified destination, but responses + from that destination are ignored. \n Support: + Extended" properties: backendRef: + description: "BackendRef references a resource + where mirrored requests are sent. \n If + the referent cannot be found, this BackendRef + is invalid and must be dropped from the + Gateway. The controller must ensure the + \"ResolvedRefs\" condition on the Route + status is set to `status: False` and not + configure this backend in the underlying + implementation. \n If there is a cross-namespace + reference to an *existing* object that is + not allowed by a ReferencePolicy, the controller + must ensure the \"ResolvedRefs\" condition + on the Route is set to `status: False`, + with the \"RefNotPermitted\" reason and + not configure this backend in the underlying + implementation. \n In either error case, + the Message of the `ResolvedRefs` Condition + should be used to provide more detail about + the problem. \n Support: Extended for Kubernetes + Service Support: Custom for any other resource" properties: group: default: "" + description: Group is the group of the + referent. For example, "networking.k8s.io". + When unspecified (empty string), core + API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the referent. + For example "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace + of the backend. When unspecified, the + local namespace is inferred. 
\n Note + that when a namespace is specified, + a ReferencePolicy object is required + in the referent namespace to allow that + namespace's owner to accept the reference. + See the ReferencePolicy documentation + for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the destination + port number to use for this resource. + Port is required when the referent is + a Kubernetes Service. For other resources, + destination port might be derived from + the referent resource or this field. format: int32 maximum: 65535 minimum: 1 
@@ -273,30 +506,74 @@ spec: - backendRef type: object requestRedirect: + description: "RequestRedirect defines a schema + for a filter that responds to the request with + an HTTP redirection. \n Support: Core" properties: hostname: + description: "Hostname is the hostname to + be used in the value of the `Location` header + in the response. When empty, the hostname + of the request is used. \n Support: Core" maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string port: + description: "Port is the port to be used + in the value of the `Location` header in + the response. When empty, port (if specified) + of the request is used. \n Support: Extended" format: int32 maximum: 65535 minimum: 1 type: integer scheme: + description: "Scheme is the scheme to be used + in the value of the `Location` header in + the response. When empty, the scheme of + the request is used. \n Support: Extended" enum: - http - https type: string statusCode: default: 302 + description: "StatusCode is the HTTP status + code to be used in response. \n Support: + Core" enum: - 301 - 302 type: integer type: object type: + description: "Type identifies the type of filter + to apply. As with other API fields, types are + classified into three conformance levels: \n + - Core: Filter types and their corresponding + configuration defined by \"Support: Core\" in + this package, e.g. \"RequestHeaderModifier\". + All implementations must support core filters. + \n - Extended: Filter types and their corresponding + configuration defined by \"Support: Extended\" + in this package, e.g. \"RequestMirror\". Implementers + are encouraged to support extended filters. + \n - Custom: Filters that are defined and supported + by specific vendors. In the future, filters + showing convergence in behavior across multiple + implementations will be considered for inclusion + in extended or core conformance levels. 
Filter-specific + configuration for such filters is specified + using the ExtensionRef field. `Type` should + be set to \"ExtensionRef\" for custom filters. + \n Implementers are encouraged to define custom + implementation types to extend the core API + with implementation-specific behavior. \n If + a reference to a custom filter type cannot be + resolved, the filter MUST NOT be skipped. Instead, + requests that would have been processed by that + filter MUST receive a HTTP error response." enum: - RequestHeaderModifier - RequestMirror 
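Review bot: The description added to `requestRedirect.hostname` documents a value that is written into the `Location` header, but the unchanged `pattern` on the same property still accepts a leading wildcard label (`^(\*\.)?…`), which is not a usable redirect target. If the pattern cannot be tightened here (the schema looks generated from upstream types), the description should say so, for example by appending `A wildcard prefix (*.) is accepted by validation but must not be used; give a precise hostname.` It is also worth stating that, when the field is omitted, the redirect target is taken from the request's own host, so the route's `hostnames` list is what bounds it. The same text and pattern appear again in the rule-level `filters` hunk starting at `@@ -453,30 +884,70 @@`. The filter's `type` enum continues past the end of this hunk.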
@@ -310,31 +587,62 @@ spec: type: array group: default: "" + description: Group is the group of the referent. For + example, "networking.k8s.io". When unspecified (empty + string), core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the referent. For example + "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace of the backend. + When unspecified, the local namespace is inferred. + \n Note that when a namespace is specified, a ReferencePolicy + object is required in the referent namespace to allow + that namespace's owner to accept the reference. See + the ReferencePolicy documentation for details. \n + Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the destination port number + to use for this resource. Port is required when the + referent is a Kubernetes Service. For other resources, + destination port might be derived from the referent + resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer weight: default: 1 + description: "Weight specifies the proportion of requests + forwarded to the referenced backend. This is computed + as weight/(sum of all weights in this BackendRefs + list). For non-zero values, there may be some epsilon + from the exact proportion defined here depending on + the precision an implementation supports. Weight is + not a percentage and the sum of weights does not need + to equal 100. \n If only one backend is specified + and it has a weight greater than 0, 100% of the traffic + is forwarded to that backend. If weight is set to + 0, no traffic should be forwarded for this entry. 
+ If unspecified, weight defaults to 1. \n Support for + this field varies based on the context where used." format: int32 maximum: 1000000 minimum: 0 
@@ -345,20 +653,50 @@ spec: maxItems: 16 type: array filters: + description: "Filters define the filters that are applied + to requests that match this rule. \n The effects of ordering + of multiple behaviors are currently unspecified. This can + change in the future based on feedback during the alpha + stage. \n Conformance-levels at this level are defined based + on the type of filter: \n - ALL core filters MUST be supported + by all implementations. - Implementers are encouraged to + support extended filters. - Implementation-specific custom + filters have no API guarantees across implementations. \n + Specifying a core filter multiple times has unspecified + or custom conformance. \n Support: Core" items: + description: HTTPRouteFilter defines processing steps that + must be completed during the request or response lifecycle. + HTTPRouteFilters are meant as an extension point to express + processing that may be done in Gateway implementations. + Some examples include request or response modification, + implementing authentication strategies, rate-limiting, + and traffic shaping. API guarantee/conformance is defined + based on the type of the filter. properties: extensionRef: + description: "ExtensionRef is an optional, implementation-specific + extension to the \"filter\" behavior. For example, + resource \"myroutefilter\" in group \"networking.example.net\"). + ExtensionRef MUST NOT be used for core and extended + filters. \n Support: Implementation-specific" properties: group: + description: Group is the group of the referent. + For example, "networking.k8s.io". When unspecified + (empty string), core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is kind of the referent. For example + "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. 
maxLength: 253 minLength: 1 type: string @@ -368,16 +706,40 @@ spec: - name type: object requestHeaderModifier: + description: "RequestHeaderModifier defines a schema + for a filter that modifies request headers. \n Support: + Core" properties: add: + description: "Add adds the given header(s) (name, + value) to the request before the action. It appends + to any existing values associated with the header + name. \n Input: GET /foo HTTP/1.1 my-header: foo + \n Config: add: - name: \"my-header\" value: \"bar\" + \n Output: GET /foo HTTP/1.1 my-header: foo my-header: + bar" items: + description: HTTPHeader represents an HTTP Header + name and value as defined by RFC 7230. properties: name: + description: "Name is the name of the HTTP + Header to be matched. Name matching MUST + be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent header name MUST + be ignored. Due to the case-insensitivity + of header names, \"foo\" and \"Foo\" are + considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value of HTTP Header + to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -391,19 +753,46 @@ spec: - name x-kubernetes-list-type: map remove: + description: "Remove the given header(s) from the + HTTP request before the action. The value of Remove + is a list of HTTP header names. Note that the + header names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2: + bar my-header3: baz \n Config: remove: [\"my-header1\", + \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2: + bar" items: type: string maxItems: 16 type: array set: + description: "Set overwrites the request with the + given header (name, value) before the action. + \n Input: GET /foo HTTP/1.1 my-header: foo \n + Config: set: - name: \"my-header\" value: \"bar\" + \n Output: GET /foo HTTP/1.1 my-header: bar" items: + description: HTTPHeader represents an HTTP Header + name and value as defined by RFC 7230. properties: name: + description: "Name is the name of the HTTP + Header to be matched. Name matching MUST + be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent header name MUST + be ignored. Due to the case-insensitivity + of header names, \"foo\" and \"Foo\" are + considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value of HTTP Header + to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -418,30 +807,72 @@ spec: x-kubernetes-list-type: map type: object requestMirror: + description: "RequestMirror defines a schema for a filter + that mirrors requests. Requests are sent to the specified + destination, but responses from that destination are + ignored. \n Support: Extended" properties: backendRef: + description: "BackendRef references a resource where + mirrored requests are sent. \n If the referent + cannot be found, this BackendRef is invalid and + must be dropped from the Gateway. The controller + must ensure the \"ResolvedRefs\" condition on + the Route status is set to `status: False` and + not configure this backend in the underlying implementation. + \n If there is a cross-namespace reference to + an *existing* object that is not allowed by a + ReferencePolicy, the controller must ensure the + \"ResolvedRefs\" condition on the Route is set + to `status: False`, with the \"RefNotPermitted\" + reason and not configure this backend in the underlying + implementation. \n In either error case, the Message + of the `ResolvedRefs` Condition should be used + to provide more detail about the problem. \n Support: + Extended for Kubernetes Service Support: Custom + for any other resource" properties: group: default: "" + description: Group is the group of the referent. + For example, "networking.k8s.io". When unspecified + (empty string), core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the referent. For + example "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace of + the backend. When unspecified, the local namespace + is inferred. 
\n Note that when a namespace + is specified, a ReferencePolicy object is + required in the referent namespace to allow + that namespace's owner to accept the reference. + See the ReferencePolicy documentation for + details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the destination + port number to use for this resource. Port + is required when the referent is a Kubernetes + Service. For other resources, destination + port might be derived from the referent resource + or this field. format: int32 maximum: 65535 minimum: 1 
@@ -453,30 +884,70 @@ spec: - backendRef type: object requestRedirect: + description: "RequestRedirect defines a schema for a + filter that responds to the request with an HTTP redirection. + \n Support: Core" properties: hostname: + description: "Hostname is the hostname to be used + in the value of the `Location` header in the response. + When empty, the hostname of the request is used. + \n Support: Core" maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string port: + description: "Port is the port to be used in the + value of the `Location` header in the response. + When empty, port (if specified) of the request + is used. \n Support: Extended" format: int32 maximum: 65535 minimum: 1 type: integer scheme: + description: "Scheme is the scheme to be used in + the value of the `Location` header in the response. + When empty, the scheme of the request is used. + \n Support: Extended" enum: - http - https type: string statusCode: default: 302 + description: "StatusCode is the HTTP status code + to be used in response. \n Support: Core" enum: - 301 - 302 type: integer type: object type: + description: "Type identifies the type of filter to + apply. As with other API fields, types are classified + into three conformance levels: \n - Core: Filter types + and their corresponding configuration defined by \"Support: + Core\" in this package, e.g. \"RequestHeaderModifier\". + All implementations must support core filters. \n + - Extended: Filter types and their corresponding configuration + defined by \"Support: Extended\" in this package, + e.g. \"RequestMirror\". Implementers are encouraged + to support extended filters. \n - Custom: Filters + that are defined and supported by specific vendors. + In the future, filters showing convergence in behavior + across multiple implementations will be considered + for inclusion in extended or core conformance levels. 
+ Filter-specific configuration for such filters is + specified using the ExtensionRef field. `Type` should + be set to \"ExtensionRef\" for custom filters. \n + Implementers are encouraged to define custom implementation + types to extend the core API with implementation-specific + behavior. \n If a reference to a custom filter type + cannot be resolved, the filter MUST NOT be skipped. + Instead, requests that would have been processed by + that filter MUST receive a HTTP error response." enum: - RequestHeaderModifier - RequestMirror 
@@ -493,23 +964,90 @@ spec: - path: type: PathPrefix value: / + description: "Matches define conditions used for matching + the rule against incoming HTTP requests. Each match is independent, + i.e. this rule will be matched if **any** one of the matches + is satisfied. \n For example, take the following matches + configuration: \n ``` matches: - path: value: \"/foo\" headers: + - name: \"version\" value: \"v2\" - path: value: \"/v2/foo\" + ``` \n For a request to match against this rule, a request + must satisfy EITHER of the two conditions: \n - path prefixed + with `/foo` AND contains the header `version: v2` - path + prefix of `/v2/foo` \n See the documentation for HTTPRouteMatch + on how to specify multiple match conditions that should + be ANDed together. \n If no matches are specified, the default + is a prefix path match on \"/\", which has the effect of + matching every HTTP request. \n Proxy or Load Balancer routing + configuration generated from HTTPRoutes MUST prioritize + rules based on the following criteria, continuing on ties. + Precedence must be given to the the Rule with the largest + number of: \n * Characters in a matching non-wildcard hostname. + * Characters in a matching hostname. * Characters in a matching + path. * Header matches. * Query param matches. \n If ties + still exist across multiple Routes, matching precedence + MUST be determined in order of the following criteria, continuing + on ties: \n * The oldest Route based on creation timestamp. + * The Route appearing first in alphabetical order by \"/\". + \n If ties still exist within the Route that has been given + precedence, matching precedence MUST be granted to the first + matching rule meeting the above criteria." items: + description: "HTTPRouteMatch defines the predicate used + to match requests to a given action. Multiple match types + are ANDed together, i.e. the match will evaluate to true + only if all conditions are satisfied. 
\n For example, + the match below will match a HTTP request only if its + path starts with `/foo` AND it contains the `version: + v1` header: \n ``` match: path: value: \"/foo\" headers: + - name: \"version\" value \"v1\" ```" properties: headers: + description: Headers specifies HTTP request header matchers. + Multiple match values are ANDed together, meaning, + a request must match all the specified headers to + select the route. items: + description: HTTPHeaderMatch describes how to select + a HTTP route by matching HTTP request headers. properties: name: + description: "Name is the name of the HTTP Header + to be matched. Name matching MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent header + names, only the first entry with an equivalent + name MUST be considered for a match. Subsequent + entries with an equivalent header name MUST + be ignored. Due to the case-insensitivity of + header names, \"foo\" and \"Foo\" are considered + equivalent. \n When a header is repeated in + an HTTP request, it is implementation-specific + behavior as to how this is represented. Generally, + proxies should follow the guidance from the + RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 + regarding processing a repeated header, with + special handling for \"Set-Cookie\"." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string type: default: Exact + description: "Type specifies how to match against + the value of the header. \n Support: Core (Exact) + \n Support: Custom (RegularExpression) \n Since + RegularExpression HeaderMatchType has custom + conformance, implementations can support POSIX, + PCRE or any other dialects of regular expressions. + Please read the implementation's documentation + to determine the supported dialect." enum: - Exact - RegularExpression type: string value: + description: Value is the value of HTTP Header + to be matched. 
maxLength: 4096 minLength: 1 type: string @@ -523,6 +1061,10 @@ spec: - name x-kubernetes-list-type: map method: + description: "Method specifies HTTP method matcher. + When specified, this route will be matched only if + the request has the specified method. \n Support: + Extended" enum: - GET - HEAD @@ -538,9 +1080,15 @@ spec: default: type: PathPrefix value: / + description: Path specifies a HTTP request path matcher. + If this field is not specified, a default prefix match + on the "/" path is provided. properties: type: default: PathPrefix + description: "Type specifies how to match against + the path Value. \n Support: Core (Exact, PathPrefix) + \n Support: Custom (RegularExpression)" enum: - Exact - PathPrefix 
@@ -548,23 +1096,43 @@ spec: type: string value: default: / + description: Value of the HTTP path to match against. maxLength: 1024 type: string type: object queryParams: + description: QueryParams specifies HTTP query parameter + matchers. Multiple match values are ANDed together, + meaning, a request must match all the specified query + parameters to select the route. items: + description: HTTPQueryParamMatch describes how to + select a HTTP route by matching HTTP query parameters. properties: name: + description: Name is the name of the HTTP query + param to be matched. This must be an exact string + match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). maxLength: 256 minLength: 1 type: string type: default: Exact + description: "Type specifies how to match against + the value of the query parameter. \n Support: + Extended (Exact) \n Support: Custom (RegularExpression) + \n Since RegularExpression QueryParamMatchType + has custom conformance, implementations can + support POSIX, PCRE or any other dialects of + regular expressions. Please read the implementation's + documentation to determine the supported dialect." enum: - Exact - RegularExpression type: string value: + description: Value is the value of HTTP query + param to be matched. maxLength: 1024 minLength: 1 type: string @@ -585,13 +1153,17 @@ spec: type: array type: object serving: + description: Information needed to run a function. The serving step + will be skipped if `Serving` is nil. properties: annotations: additionalProperties: type: string + description: Annotations that will be added to the workload. type: object bindings: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean 
@@ -599,10 +1171,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret + holding the value for the metadata item. Name is the + secret name, and key is the field in the secret. properties: key: type: string @@ -613,7 +1189,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct + for the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name @@ -628,21 +1205,31 @@ spec: - type - version type: object + description: Configurations of dapr bindings components. type: object inputs: + description: Function inputs from Dapr components including binding, + pubsub Available for Async Runtime only. items: properties: component: + description: Component indicates the name of components in + Dapr type: string name: + description: The name of DaprIO. type: string operation: + description: Operation field tells the Dapr component which + operation it should perform. type: string params: additionalProperties: type: string + description: Parameters for dapr input/output. type: object topic: + description: Topic name of mq, required when type is pubsub type: string required: - component 
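Review bot: In the `@@ -613,7 +1189,8 @@` hunk the new description on `value` does not tell the reader that the field is unvalidated and stored inline. With `type: ""` dropped, the only schema left for it is `x-kubernetes-preserve-unknown-fields: true`, so any JSON is accepted and kept as written in the Function object, readable by anyone who can read the resource. Since the sibling `secretKeyRef` exists for exactly this case, the description could read `Inline value for the metadata item, stored as-is in the resource; use secretKeyRef for credentials.` If this CRD is generated, the wording belongs on the Go field comment. The identical change is made for `pubsub` in the hunk at `@@ -700,7 +1306,8 @@`; the enclosing metadata item starts outside both hunks.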
@@ -652,21 +1239,32 @@ spec: labels: additionalProperties: type: string + description: Parameters of asyncFunc runtime, must not be nil when + runtime is OpenFuncAsync. type: object outputs: + description: Function outputs from Dapr components including binding, + pubsub items: properties: component: + description: Component indicates the name of components in + Dapr type: string name: + description: The name of DaprIO. type: string operation: + description: Operation field tells the Dapr component which + operation it should perform. type: string params: additionalProperties: type: string + description: Parameters for dapr input/output. type: object topic: + description: Topic name of mq, required when type is pubsub type: string required: - component @@ -676,9 +1274,13 @@ spec: params: additionalProperties: type: string + description: Parameters to pass to the serving. All parameters will + be injected into the pod as environment variables. Function code + can use these parameters by getting environment variables type: object pubsub: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -686,10 +1288,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret + holding the value for the metadata item. Name is the + secret name, and key is the field in the secret. properties: key: type: string @@ -700,7 +1306,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct + for the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
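Review bot: In the `@@ -652,21 +1239,32 @@` hunk the description attached to `labels` does not describe labels: it reads `Parameters of asyncFunc runtime, must not be nil when runtime is OpenFuncAsync.`, and `OpenFuncAsync` is not one of the `runtime` enum values shown further down (`knative`, `async`). This looks like a stale comment carried over from another field. Assuming labels are applied the same way as the neighbouring `annotations`, the text should mirror it: `description: Labels that will be added to the workload.`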
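Review bot: In the `@@ -676,9 +1274,13 @@` hunk the new description for `serving.params` says every entry is injected into the pod as an environment variable, but gives no guidance on what should not go there. Values placed here sit in plain text in the Function spec and, by the description's own wording, in the pod's environment, so the description should steer credentials elsewhere, for example by appending `Do not put credentials here; reference a Secret instead.` The last sentence is also missing its full stop.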
@@ -715,13 +1322,18 @@ spec: - type - version type: object + description: Configurations of dapr pubsub components. type: object runtime: + description: The configuration of the backend runtime for running + function. enum: - knative - async type: string scaleOptions: + description: The ScaleOptions will help us to set up guidelines + for the autoscaling of function workloads. properties: keda: properties: @@ -737,14 +1349,20 @@ spec: format: int32 type: integer restartPolicy: + description: Restart policy for all containers within + the pod. One of 'OnFailure', 'Never'. Default to 'Never'. type: string scalingStrategy: + description: ScalingStrategy defines the strategy of + Scaling properties: customScalingQueueLengthDeduction: format: int32 type: integer customScalingRunningJobPercentage: type: string + multipleScalersCalculation: + type: string pendingPodConditions: items: type: string 
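Review bot: The `restartPolicy` description in the `@@ -737,14 +1349,20 @@` hunk documents the allowed values as 'OnFailure' and 'Never', yet the schema still declares only `type: string`, so the API server will accept any string. The `runtime` field in the hunk just above already uses an `enum`; the same constraint here, `enum: [OnFailure, Never]`, would reject bad values at admission instead of leaving them to the controller. `workloadType` in the `@@ -832,12 +1546,16 @@` hunk has the same gap: "known values are Deployment or StatefulSet" is stated in the text and not enforced. If this CRD is produced by controller-gen, the constraint would be a validation marker on the Go field (for example `+kubebuilder:validation:Enum=OnFailure;Never`) rather than a hand edit here.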
@@ -759,22 +1377,56 @@ spec: scaledObject: properties: advanced: + description: AdvancedConfig specifies advance scaling + options properties: horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies + horizontal scale config properties: behavior: + description: HorizontalPodAutoscalerBehavior + configures the scaling behavior of the target + in both Up and Down directions (scaleUp and + scaleDown fields respectively). properties: scaleDown: + description: scaleDown is scaling policy + for scaling Down. If not set, the default + value is to allow to scale down to minReplicas + pods, with a 300 second stabilization + window (i.e., the highest recommendation + for the last 300sec is used). properties: policies: + description: policies is a list of potential + scaling polices which can be used + during scaling. At least one policy + must be specified, otherwise the HPAScalingRules + will be discarded as invalid items: + description: HPAScalingPolicy is a + single policy which must hold true + for a specified past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which + the policy should hold true. + PeriodSeconds must be greater + than zero and less than or equal + to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the + amount of change which is permitted + by the policy. It must be greater + than zero format: int32 type: integer required: 
@@ -783,23 +1435,66 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to + specify which policy should be used. + If not set, the default value Max + is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which + past recommendations should be considered + while scaling up or scaling down. + StabilizationWindowSeconds must be + greater than or equal to zero and + less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object scaleUp: + description: 'scaleUp is scaling policy + for scaling Up. If not set, the default + value is the higher of: * increase no + more than 4 pods per 60 seconds * double + the number of pods per 60 seconds No stabilization + is used.' properties: policies: + description: policies is a list of potential + scaling polices which can be used + during scaling. At least one policy + must be specified, otherwise the HPAScalingRules + will be discarded as invalid items: + description: HPAScalingPolicy is a + single policy which must hold true + for a specified past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which + the policy should hold true. + PeriodSeconds must be greater + than zero and less than or equal + to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the + amount of change which is permitted + by the policy. It must be greater + than zero format: int32 type: integer required: 
@@ -808,13 +1503,32 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to + specify which policy should be used. + If not set, the default value Max + is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which + past recommendations should be considered + while scaling up or scaling down. + StabilizationWindowSeconds must be + greater than or equal to zero and + less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object type: object + name: + type: string type: object restoreToOriginalReplicaCount: type: boolean @@ -832,12 +1546,16 @@ spec: format: int32 type: integer workloadType: + description: How to run the function, known values are + Deployment or StatefulSet, default is Deployment. type: string type: object type: object knative: additionalProperties: type: string + description: Refer to https://knative.dev/docs/serving/autoscaling/ + to learn more about the autoscaling options of Knative Serving. type: object maxReplicas: format: int32 @@ -848,6 +1566,7 @@ spec: type: object states: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -855,10 +1574,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret + holding the value for the metadata item. Name is the + secret name, and key is the field in the secret. properties: key: type: string 
@@ -869,7 +1592,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct + for the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
@@ -884,29 +1608,80 @@ spec: - type - version type: object + description: Configurations of dapr state components. type: object template: + description: Template describes the pods that will be created. The + container named `function` is the container which is used to run + the image built by the builder. If it is not set, the controller + will automatically add one. properties: activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will actively + try to mark it failed and kill associated containers. Value + must be a positive integer. format: int64 type: integer affinity: + description: If specified, the pod's scheduling constraints properties: nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a + no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op). properties: preference: + description: A node selector term, associated + with the corresponding weight. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. 
items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array @@ -916,13 +1691,35 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -932,7 +1729,11 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range + 1-100. format: int32 type: integer required: @@ -941,18 +1742,53 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an + update), the system may or may not try to eventually + evict the pod from its node. properties: nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -962,13 +1798,35 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -978,28 +1836,73 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. 
type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -1011,18 +1914,54 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1034,18 +1973,44 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. format: int32 type: integer required: 
@@ -1054,18 +2019,57 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1077,18 +2081,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1100,13 +2138,35 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey 
@@ -1114,22 +2174,65 @@ spec: type: array type: object podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all + of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. 
If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -1141,18 +2244,54 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1164,18 +2303,44 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. format: int32 type: integer required: 
@@ -1184,18 +2349,57 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1207,18 +2411,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -1230,13 +2468,35 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey 
@@ -1245,124 +2505,279 @@ spec: type: object type: object automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. type: boolean containers: + description: List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at least + one container in a Pod. Cannot be updated. items: + description: A single application container that you want + to run within a pod. properties: args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a + shell. The container image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the + container. Cannot be updated. items: + description: EnvVar represents an environment variable + present in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' type: string valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the + pod's namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. 
Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. items: + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret must + be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. properties: postStart: + description: 'PostStart is called immediately after + a container is created. 
If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1370,49 +2785,102 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The Pod''s termination grace period countdown + begins before the PreStop hook is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other + management of the container blocks until the hook + completes or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1420,25 +2888,43 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -1446,37 +2932,74 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1484,62 +3007,131 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on the + default "0.0.0.0" address inside a container will be + accessible from the network. Modifying this array with + strategic merge patch may corrupt the data. For more + information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port + in a single container. properties: containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -1550,37 +3142,74 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1588,47 +3217,112 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -1636,6 +3330,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -1644,101 +3340,270 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields of + PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that + this field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to + the container. 
If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: + description: Level is SELinux level label that + applies to the container. type: string role: + description: Role is a SELinux role label that + applies to the container. type: string type: + description: Type is a SELinux type label that + applies to the container. type: string user: + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod + & container level, the container options override + the pod options. Note that this field cannot be + set when spec.os.name is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file on + the node should be used. RuntimeDefault - the + container runtime default profile should be + used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If this + probe fails, the Pod will be restarted, just as if the + livenessProbe failed. This can be used to provide different + probe parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data or warm + a cache, than during steady-state operation. This cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1746,61 +3611,143 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. 
The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. items: + description: volumeDevice describes a mapping of a raw + block device within a container. properties: devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -1808,19 +3755,43 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. type: boolean subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -1828,152 +3799,343 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. type: string required: - name type: object type: array dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. properties: nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. items: type: string type: array options: + description: A list of DNS resolver options. This will be + merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in the + base DNSPolicy. items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. properties: name: + description: Required. type: string value: type: string type: object type: array searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. items: type: string type: array type: object dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. 
Optional: + Defaults to true.' type: boolean ephemeralContainers: + description: List of ephemeral containers run in this pod. Ephemeral + containers may be run in an existing pod to perform user-initiated + actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the + pod spec. In order to add an ephemeral container to an existing + pod, use the pod's ephemeralcontainers subresource. items: + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities + such as debugging. Ephemeral containers have no resource + or scheduling guarantees, and they will not be restarted + when they exit or when a Pod is removed or restarted. The + kubelet may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To add an + ephemeral container, use the ephemeralcontainers subresource + of an existing Pod. Ephemeral containers may not be removed + or restarted." properties: args: + description: 'Arguments to the entrypoint. The image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a + shell. The image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. 
If a variable cannot + be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More + info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the + container. Cannot be updated. items: + description: EnvVar represents an environment variable + present in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' type: string valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the + pod's namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. items: + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret must + be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. 
Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Lifecycle is not allowed for ephemeral containers. properties: postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1981,49 +4143,102 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The Pod''s termination grace period countdown + begins before the PreStop hook is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other + management of the container blocks until the hook + completes or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2031,25 +4246,43 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -2057,37 +4290,72 @@ spec: type: object type: object livenessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2095,62 +4363,124 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the ephemeral container specified + as a DNS_LABEL. This name must be unique among all containers, + init containers and ephemeral containers. type: string ports: + description: Ports are not allowed for ephemeral containers. items: + description: ContainerPort represents a network port + in a single container. properties: containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -2161,37 +4491,72 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2199,47 +4564,113 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: Resources are not allowed for ephemeral containers. + Ephemeral containers use spare resources already allocated + to the pod. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -2247,6 +4678,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -2255,101 +4688,262 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'Optional: SecurityContext defines the security + options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent + fields of PodSecurityContext.' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is windows. 
type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. 
May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: + description: Level is SELinux level label that + applies to the container. type: string role: + description: Role is a SELinux role label that + applies to the container. type: string type: + description: Type is a SELinux type label that + applies to the container. type: string user: + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod + & container level, the container options override + the pod options. Note that this field cannot be + set when spec.os.name is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file on + the node should be used. RuntimeDefault - the + container runtime default profile should be + used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. 
properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. type: string type: object type: object startupProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2357,63 +4951,153 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean targetContainerName: + description: "If set, the name of the container from PodSpec + that this ephemeral container targets. The ephemeral + container will be run in the namespaces (IPC, PID, etc) + of this container. If not set then the ephemeral container + uses the namespaces configured in the Pod spec. \n The + container runtime must implement support for this feature. 
+ If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. items: + description: volumeDevice describes a mapping of a raw + block device within a container. properties: devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -2421,19 +5105,44 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. type: boolean subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -2441,154 +5150,362 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. type: string required: - name type: object type: array hostAliases: + description: HostAliases is an optional list of hosts and IPs + that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. properties: hostnames: + description: Hostnames for the above IP address. items: type: string type: array ip: + description: IP address of the host file entry. type: string type: object type: array hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' type: boolean hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. type: boolean hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: Default + to true. If set to true or not present, the pod will be run + in the host user namespace, useful for when the pod needs + a feature only available to the host user namespace, such + as loading a kernel module with CAP_SYS_MODULE. When set to + false, a new userns is created for the pod. Setting false + is useful for mitigating container breakout vulnerabilities + even allowing users to run their containers as root without + actually having root privileges on the host. This field is + alpha-level and is only honored by servers that enable the + UserNamespacesSupport feature.' 
type: boolean hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. type: string imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of + the images used by this PodSpec. If specified, these secrets + will be passed to individual puller implementations for them + to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: + description: 'List of initialization containers belonging to + the pod. Init containers are executed in order prior to containers + being started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, Liveness probes, or Startup + probes. The resourceRequirements of an init container are + taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max + of of that value or the sum of the normal containers. Limits + are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be + updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: + description: A single application container that you want + to run within a pod. 
properties: args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a + shell. The container image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the + container. Cannot be updated. items: + description: EnvVar represents an environment variable + present in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. 
If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' type: string valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the + pod's namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. items: + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret must + be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. properties: postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2596,49 +5513,102 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The Pod''s termination grace period countdown + begins before the PreStop hook is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other + management of the container blocks until the hook + completes or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2646,25 +5616,43 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -2672,37 +5660,74 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2710,62 +5735,131 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on the + default "0.0.0.0" address inside a container will be + accessible from the network. Modifying this array with + strategic merge patch may corrupt the data. For more + information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port + in a single container. properties: containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -2776,37 +5870,74 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2814,47 +5945,112 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
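Review bot: The `claims` list added under `resources.properties` at the end of this hunk is a schema change, not a description refresh, and the same holds for the `resourceClaims` list added in the `@@ -3080,75 +6586,282 @@` hunk. Both descriptions say the fields are alpha and require the DynamicResourceAllocation feature gate, so presumably they are only acted on by clusters that enable it; the diff shows nothing that tells an operator this. The file looks regenerated from newer Kubernetes API types (not confirmable from the hunk), so the note belongs in the commit description or chart changelog rather than in the YAML, for example `CRDs regenerated against Kubernetes API <version>; adds alpha resources.claims and spec.resourceClaims (DynamicResourceAllocation gate)`. The enclosing `resources` mapping continues past the end of this hunk.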
@@ -2862,6 +6058,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -2870,101 +6068,270 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields of + PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that + this field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to + the container. 
If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: + description: Level is SELinux level label that + applies to the container. type: string role: + description: Role is a SELinux role label that + applies to the container. type: string type: + description: Type is a SELinux type label that + applies to the container. type: string user: + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod + & container level, the container options override + the pod options. Note that this field cannot be + set when spec.os.name is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file on + the node should be used. RuntimeDefault - the + container runtime default profile should be + used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If this + probe fails, the Pod will be restarted, just as if the + livenessProbe failed. This can be used to provide different + probe parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data or warm + a cache, than during steady-state operation. This cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2972,61 +6339,143 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. 
The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. items: + description: volumeDevice describes a mapping of a raw + block device within a container. properties: devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -3034,19 +6483,43 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. type: boolean subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -3054,21 +6527,54 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. type: string required: - name type: object type: array nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits resource + requirements. type: string nodeSelector: additionalProperties: type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match a + node''s labels for the pod to be scheduled on that node. More + info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. 
+ \n If the OS field is set to linux, the following fields must + be unset: -securityContext.windowsOptions \n If the OS field + is set to windows, following fields must be unset: - spec.hostPID + - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup" properties: name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be one + of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' type: string required: - name 
@@ -3080,75 +6586,282 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field will + be autopopulated at admission time by the RuntimeClass admission + controller. If the RuntimeClass admission controller is enabled, + overhead must not be set in Pod create requests. The RuntimeClass + admission controller will reject Pod create requests which + have the overhead already set. If RuntimeClass is configured + and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will + remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods + with lower priority. One of Never, PreemptLowerPriority. Defaults + to PreemptLowerPriority if unset. type: string priority: + description: The priority value. Various system components use + this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from setting + this field. The admission controller populates this field + from PriorityClassName. The higher the value, the higher the + priority. format: int32 type: integer priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, the + pod priority will be default or zero if there is no default. 
type: string readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness gates + have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: + description: PodReadinessGate contains the reference to a + pod condition properties: conditionType: + description: ConditionType refers to a condition in the + pod's condition list with matching type. type: string required: - conditionType type: object type: array + resourceClaims: + description: "ResourceClaims defines which ResourceClaims must + be allocated and reserved before the Pod is allowed to start. + The resources will be made available to those containers which + consume them by name. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. \n This + field is immutable." + items: + description: PodResourceClaim references exactly one ResourceClaim + through a ClaimSource. It adds a name to it that uniquely + identifies the ResourceClaim inside the Pod. Containers + that need access to the ResourceClaim reference it with + this name. + properties: + name: + description: Name uniquely identifies this resource claim + inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name of a ResourceClaim + object in the same namespace as this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name + of a ResourceClaimTemplate object in the same namespace + as this pod. \n The template will be used to create + a new ResourceClaim, which will be bound to this + pod. When this pod is deleted, the ResourceClaim + will also be deleted. 
The name of the ResourceClaim + will be -, where is the PodResourceClaim.Name. Pod validation + will reject the pod if the concatenated name is + not valid for a ResourceClaim (e.g. too long). \n + An existing ResourceClaim with that name that is + not owned by the pod will not be used for the pod + to avoid using an unrelated resource by mistake. + Scheduling and pod startup are then blocked until + the unrelated ResourceClaim is removed. \n This + field is immutable and no changes will be made to + the corresponding ResourceClaim by the control plane + after creating the ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: + description: 'Restart policy for all containers within the pod. + One of Always, OnFailure, Never. Default to Always. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' type: string runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" RuntimeClass + will be used, which is an implicit class with an empty definition + that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched by + default scheduler. type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values that + if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + \n This is an alpha-level feature enabled by PodSchedulingReadiness + feature gate." 
+ items: + description: PodSchedulingGate is associated to a Pod to guard + its scheduling. + properties: + name: + description: Name of the scheduling gate. Each scheduling + gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' properties: fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow the + Kubelet to change the ownership of that volume to be owned + by the pod: \n 1. The owning GID will be the FSGroup 2. + The setgid bit is set (new files created in the volume + will be owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not modify + the ownership and permissions of any volume. Note that + this field cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types + which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such + as: secret, configmaps and emptydir. Valid values are + "OnRootMismatch" and "Always". If not specified, "Always" + is used. Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. 
Note that this field + cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence for + that container. Note that this field cannot be set when + spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. 
properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." type: string required: - type type: object supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container process + are still effective, even if they are not included in + this list. Note that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer type: array sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. items: + description: Sysctl defines a kernel parameter to be set properties: name: + description: Name of a property to set type: string value: + description: Value of a property to set type: string required: - name 
@@ -3156,59 +6869,172 @@ spec: type: object type: array windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias + for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' 
type: string serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string setHostnameAsFQDN: + description: If true the pod's hostname will be configured as + the pod's FQDN, rather than the leaf name (the default). In + Linux containers, this means setting the FQDN in the hostname + field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value + of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. type: boolean shareProcessNamespace: + description: 'Share a single process namespace between all of + the containers in a pod. When this is set containers will + be able to view and signal processes from other containers + in the same pod, and the first process in each container will + not be assigned PID 1. HostPID and ShareProcessNamespace cannot + both be set. Optional: Default to false.' type: boolean subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. type: string terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate + gracefully. May be decreased in delete request. Value must + be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). If this + value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes + running in the pod are sent a termination signal and the time + when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your + process. Defaults to 30 seconds. 
format: int64 type: integer tolerations: + description: If specified, the pod's tolerations. items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . properties: effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. type: string key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. type: string operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. type: string tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. properties: labelSelector: + description: LabelSelector is used to find matching pods. 
+ Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. properties: matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: + description: key is the label key that the selector + applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. items: type: string type: array 
@@ -3220,14 +7046,131 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A + null or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of + matching pods in an eligible domain or zero if the number + of eligible domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; scheduling + it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When + `whenUnsatisfiable=ScheduleAnyway`, it is used to give + higher precedence to topologies that satisfy it. It''s + a required field. 
Default value is 1 and 0 is not allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number of + eligible domains. When the number of eligible domains + with matching topology keys is less than minDomains, + Pod Topology Spread treats \"global minimum\" as 0, + and then the calculation of Skew is performed. And when + the number of eligible domains with matching topology + keys equals or greater than minDomains, this value has + no effect on scheduling. As a result, when the number + of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains + is equal to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable must be + DoNotSchedule. \n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods + with the same labelSelector spread as 2/2/2: | zone1 + | zone2 | zone3 | | P P | P P | P P | The number + of domains is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod with the + same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any + of the three zones, it will violate MaxSkew. \n This + is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will + treat Pod's nodeAffinity/nodeSelector when calculating + pod topology spread skew. Options are: - Honor: only + nodes matching nodeAffinity/nodeSelector are included + in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent + to the Honor policy. 
This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All + nodes are included. \n If this value is nil, the behavior + is equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values + are considered to be in the same topology. We consider + each as a "bucket", and try to put balanced + number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the + requirements of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each + Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. type: string whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become + 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be + imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' type: string required: - maxSkew 
@@ -3240,104 +7183,240 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. properties: awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default + is to mount by volume name. Examples: For volume + /dev/sda1, you specify the partition as "1". Similarly, + the volume partition for /dev/sda is "0" (or you + can leave the property empty).' format: int32 type: integer readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. 
properties: cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' type: string diskName: + description: diskName is the Name of the data disk + in the blob storage type: string diskURI: + description: diskURI is the URI of data disk in the + blob storage type: string fsType: + description: fsType is Filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure managed + data disk (only in managed availability set). defaults + to shared' type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. properties: readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. 
type: boolean secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key type: string shareName: + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime properties: monitors: + description: 'monitors is Required: Monitors is a + collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default is + /' type: string readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: + description: 'secretFile is Optional: SecretFile is + the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: + description: 'secretRef is Optional: SecretRef is + reference to the authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is optional: User is the rados + user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: + description: 'cinder represents a cinder volume attached + and mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to + OpenStack.' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: + description: 'volumeID used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: + description: configMap represents a configMap that should + populate this volume properties: defaultMode: + description: 'defaultMode is optional: mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
format: int32 type: integer items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If + a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the + file to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. type: string required: - key 
@@ -3345,121 +7424,386 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). properties: driver: + description: driver is the name of the CSI driver + that handles this volume. Consult with your admin + for the correct name as registered in the cluster. type: string fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the + associated CSI driver which will determine the default + filesystem to apply. type: string nodePublishSecretRef: + description: nodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all + secret references are passed. properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string + description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. 
type: object required: - driver type: object downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume properties: defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: + description: Items is a list of downward API volume + file items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the relative + path name of the file to be created. 
Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of the + relative path must not start with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: + description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: + description: 'medium represents what type of storage + medium should back this directory. The default is + "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string + description: 'sizeLimit is the total amount of local + storage required for this EmptyDir volume. The size + limit is also applicable for memory medium. The + maximum usage on memory medium EmptyDir would be + the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle + is tied to the pod that defines it - it will be created + before the pod starts, and deleted when the pod is removed. + \n Use this if: a) the volume is only needed while the + pod runs, b) features of normal volumes like restoring + from snapshot or capacity tracking are needed, c) the + storage driver is specified through a storage class, + and d) the storage driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that + persist for longer than the lifecycle of an individual + pod. \n Use CSI for light-weight local ephemeral volumes + if the CSI driver is meant to be used that way - see + the documentation of the driver for more information. + \n A pod can use both types of ephemeral volumes and + persistent volumes at the same time." properties: volumeClaimTemplate: + description: "Will be used to create a stand-alone + PVC to provision the volume. The pod in which this + EphemeralVolumeSource is embedded will be the owner + of the PVC, i.e. the PVC will be deleted together + with the pod. The name of the PVC will be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod + validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). + \n An existing PVC with that name that is not owned + by the pod will *not* be used for the pod to avoid + using an unrelated volume by mistake. 
Starting the + pod is then blocked until the unrelated PVC is removed. + If such a pre-created PVC is meant to be used by + the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should + not be necessary, but it may be useful when manually + reconstructing a broken cluster. \n This field is + read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, + must not be nil." properties: metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be + rejected during validation. type: object spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into + the PVC that gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. properties: accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: + description: 'dataSource field can be used + to specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: + description: APIGroup is the group for + the resource being referenced. 
If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced type: string required: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: + description: 'dataSourceRef specifies the + object from which to populate the volume + with data, if a non-empty volume is desired. + This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume + binding will only succeed if the type of + the specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the + same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the other is + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves + all values, and generates an error if a + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. 
(Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. type: string required: - kind - name type: object resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are lower + than previous value but must still be higher + than capacity recorded in the status field + of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3467,6 +7811,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -3475,18 +7822,47 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: + description: selector is a label query over + volumes to consider for binding. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -3498,13 +7874,29 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: + description: 'storageClassName is the name + of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: + description: volumeMode defines what type + of volume is required by the claim. Value + of Filesystem is implied when not included + in claim spec. type: string volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. type: string type: object required: 
@@ -3512,125 +7904,275 @@ spec: type: object type: object fc: + description: fc represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. TODO: how + do we prevent errors in the filesystem from compromising + the machine' type: string lun: + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' type: boolean targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: + description: 'wwids Optional: FC volume world wide + identifiers (wwids) Either wwids or combination + of targetWWNs and lun must be set, but not both + simultaneously.' items: type: string type: array type: object flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: + description: driver is the name of the driver to use + for this volume. type: string fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". The + default filesystem depends on FlexVolume script. type: string options: additionalProperties: type: string + description: 'options is Optional: this field holds + extra command options if any.' type: object readOnly: + description: 'readOnly is Optional: defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' 
type: boolean secretRef: + description: 'secretRef is Optional: secretRef is + reference to the secret object containing sensitive + information to pass to the plugin scripts. This + may be empty if no secret object is specified. If + the secret object contains more than one secret, + all secrets are passed to the plugin scripts.' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running properties: datasetName: + description: datasetName is Name of the dataset stored + as metadata -> name on the dataset for Flocker should + be considered as deprecated type: string datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default + is to mount by volume name. 
Examples: For volume + /dev/sda1, you specify the partition as "1". Similarly, + the volume partition for /dev/sda is "0" (or you + can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: + description: 'gitRepo represents a git repository at a + particular revision. DEPRECATED: GitRepo is deprecated. + To provision a container with a git repo, mount an EmptyDir + into an InitContainer that clones the repo using git, + then mount the EmptyDir into the Pod''s container.' properties: directory: + description: directory is the target directory name. + Must not contain or start with '..'. If '.' is + supplied, the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: + description: repository is the URL type: string revision: + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: + description: 'glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: + description: 'endpoints is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: + description: 'path is the Glusterfs volume path. 
More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: + description: 'readOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: + description: 'hostPath represents a pre-existing file + or directory on the host machine that is directly exposed + to the container. This is generally used for system + agents or other privileged things that are allowed to + see the host machine. Most containers will NOT need + this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' properties: path: + description: 'path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: + description: 'type for HostPath Volume Defaults to + "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: + description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication type: boolean chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication type: boolean fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". 
Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + description: iscsiInterface is the interface Name + that uses an iSCSI transport. Defaults to 'default' + (tcp). type: string lun: + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: + description: portals is the iSCSI Target Portal List. + The portal is either an IP or ip_addr:port if the + port is other than default (typically TCP ports + 860 and 3260). items: type: string type: array readOnly: + description: readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. type: boolean secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic targetPortal: + description: targetPortal is iSCSI Target Portal. + The Portal is either an IP or ip_addr:port if the + port is other than default (typically TCP ports + 860 and 3260). type: string required: - iqn 
@@ -3638,67 +8180,157 @@ spec: - targetPortal type: object name: + description: 'name of the volume. Must be a DNS_LABEL + and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: + description: 'nfs represents an NFS mount on the host + that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: + description: 'server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine properties: fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". 
Implicitly + inferred to be "ext4" if unspecified. type: string pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk type: string required: - pdID type: object portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine properties: fsType: + description: fSType represents the filesystem type + to mount Must be a filesystem type supported by + the host operating system. Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. type: boolean volumeID: + description: volumeID uniquely identifies a Portworx + volume type: string required: - volumeID type: object projected: + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: + description: defaultMode are the mode bits used to + set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal values + for mode bits. Directories within the path are not + affected by this setting. This might be in conflict + with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: + description: sources is the list of volume projections items: + description: Projection that may be projected along + with other supported volume types properties: configMap: + description: configMap information about the + configMap data to project properties: items: + description: items if unspecified, each + key-value pair in the Data field of the + referenced ConfigMap will be projected + into the volume as a file whose name is + the key and content is the value. 
If specified, + the listed keys will be projected into + the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, + the volume setup will error unless it + is marked optional. Paths must be relative + and may not contain the '..' path or start + with '..'. items: + description: Maps a string key to a path + within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode + bits used to set permissions on + this file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. type: string required: - key 
@@ -3706,60 +8338,155 @@ spec: type: object type: array name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional specify whether the + ConfigMap or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: + description: downwardAPI information about the + downwardAPI data to project properties: items: + description: Items is a list of DownwardAPIVolume + file items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: + description: 'Required: Selects a + field of the pod: only annotations, + labels, name and namespace are supported.' properties: apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". type: string fieldPath: + description: Path of the field + to select in the specified API + version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. 
The first item + of the relative path must not start + with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' properties: containerName: + description: 'Container name: + required for volumes, optional + for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource + to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: + description: secret information about the secret + data to project properties: items: + description: items if unspecified, each + key-value pair in the Data field of the + referenced Secret will be projected into + the volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected into + the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the + volume setup will error unless it is marked + optional. Paths must be relative and may + not contain the '..' path or start with + '..'. items: + description: Maps a string key to a path + within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode + bits used to set permissions on + this file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. 
This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. type: string required: - key @@ -3767,18 +8494,46 @@ spec: type: object type: array name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional field specify whether + the Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project properties: audience: + description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience + defaults to the identifier of the apiserver. type: string expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The + kubelet will start trying to rotate the + token if the token is older than 80 percent + of its time to live or if the token is + older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. format: int64 type: integer path: + description: path is the path relative to + the mount point of the file to project + the token into. type: string required: - path 
@@ -3787,74 +8542,159 @@ spec: type: array type: object quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime properties: group: + description: group to map volume access to Default + is no group type: string readOnly: + description: readOnly here will force the Quobyte + volume to be mounted with read-only permissions. + Defaults to false. type: boolean registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string + as host:port pair (multiple entries are separated + with commas) which acts as the central registry + for volumes type: string tenant: + description: tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned + Quobyte volumes, value is set by the plugin type: string user: + description: user to map volume access to Defaults + to serivceaccount user type: string volume: + description: volume is a string that references an + already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: + description: 'rbd represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string image: + description: 'image is the rados image name. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: + description: 'keyring is the path to key ring for + RBDUser. Default is /etc/ceph/keyring. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: + description: 'pool is the rados pool name. Default + is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is the rados user name. Default + is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Default + is "xfs". type: string gateway: + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. 
type: boolean secretRef: + description: secretRef references to the secret for + ScaleIO user and other sensitive information. If + this is not provided, Login operation will fail. properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: + description: storagePool is the ScaleIO Storage Pool + associated with the protection domain. type: string system: + description: system is the name of the storage system + as configured in ScaleIO. type: string volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated + with this volume source. type: string required: - gateway 
@@ -3862,19 +8702,58 @@ spec: - system type: object secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: + description: 'defaultMode is Optional: mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: + description: items If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If + a key is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the + file to map the key to. 
May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. type: string required: - key 
@@ -3882,35 +8761,81 @@ spec: type: object type: array optional: + description: optional field specify whether the Secret + or its keys must be defined type: boolean secretName: + description: 'secretName is the name of the secret + in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. type: boolean secretRef: + description: secretRef specifies the secret to use + for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: + description: volumeName is the human-readable name + of the StorageOS volume. Volume names are only + unique within a namespace. type: string volumeNamespace: + description: volumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is + specified then the Pod's namespace will be used. This + allows the Kubernetes name scoping to be mirrored + within StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. 
type: string type: object vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine properties: fsType: + description: fsType is filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated with + the StoragePolicyName. type: string storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. type: string volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath 
@@ -3923,35 +8848,51 @@ spec: - containers type: object timeout: + description: Timeout defines the maximum amount of time the Serving + should take to execute before the Serving is running. type: string triggers: + description: Triggers are used to specify the trigger sources of + the function. The Keda (ScaledObject, ScaledJob) configuration + in ScaleOptions cannot take effect without Triggers being set. items: properties: authenticationRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used to authenticate + the scaler with the environment properties: kind: + description: Kind of the resource being referred to. Defaults + to TriggerAuthentication. type: string name: type: string required: - name type: object - fallback: - format: int32 - type: integer metadata: additionalProperties: type: string type: object + metricType: + description: MetricTargetType specifies the type of metric + being targeted, and should be either "Value", "AverageValue", + or "Utilization" + type: string name: type: string targetKind: + description: ScaleTargetKind represents the kind of trigger + target. enum: - object - job type: string type: type: string + useCachedMetrics: + type: boolean required: - metadata - type 
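Review bot: The new `metricType` property documents a closed set ("Value", "AverageValue", "Utilization") but is declared as a bare `type: string`, so the API server admits any string and a bad value is presumably only rejected later by the controller or scaler. `targetKind` a few lines below already carries an `enum`. I would add `enum: [Value, AverageValue, Utilization]` under `metricType`, or, if this CRD is generated from Go types (it looks generated, but the generator is not visible here), the matching `+kubebuilder:validation:Enum=Value;AverageValue;Utilization` marker on the field. The same gap shows in `workloadRuntime` (hunk `@@ -3961,21 +8902,29 @@`, two listed values and no enum, if that list is meant to be closed) and in `scaledJob.restartPolicy` (hunk `@@ -4423,14 +9591,20 @@`). The `triggers` item schema starts and ends outside this hunk.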
@@ -3961,21 +8902,29 @@ spec: - runtime type: object version: + description: Function version in format like v1.0.0 type: string workloadRuntime: default: OCIContainer + description: 'WorkloadRuntime for Function. Know values: ``` OCIContainer: + Nodes will run standard OCI container workloads. WasmEdge: Nodes will + run workloads using the crun (with WasmEdge support). ```' type: string required: - image type: object status: + description: FunctionStatus defines the observed state of Function properties: addresses: + description: Addresses holds the addresses that used to access the Function. items: properties: type: + description: Type of the address. type: string value: + description: Value of the address. maxLength: 253 minLength: 1 type: string 
@@ -4005,30 +8954,67 @@ spec: route: properties: conditions: + description: Conditions describes the status of the route with respect + to the Gateway. Note that the route's availability is also subject + to the Gateway's own status conditions and listener status. items: + description: "Condition contains details for one aspect of the + current state of this API Resource. --- This struct is intended + for direct use as an array at the field path .status.conditions. + \ For example, \n type FooStatus struct{ // Represents the observations + of a foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + // +patchStrategy=merge // +listType=map // +listMapKey=type + Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" properties: lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. format: date-time type: string message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: + description: status of the condition, one of True, False, + Unknown. enum: - "True" - "False" - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -4046,7 +9032,20 @@ spec: - type x-kubernetes-list-type: map hosts: + description: Hosts list all actual hostnames of HTTPRoute. items: + description: "Hostname is the fully qualified domain name of a + network host. This matches the RFC 1123 definition of a hostname + with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname + may be prefixed with a wildcard label (`*.`). The wildcard label + must appear by itself as the first label. \n Hostname can be + \"precise\" which is a domain name without the terminating dot + of a network host (e.g. \"foo.example.com\") or \"wildcard\", + which is a domain name prefixed with a single wildcard label + (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric characters + or '-', and must start and end with an alphanumeric character. + No other punctuation is allowed." maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 
@@ -4054,10 +9053,16 @@ spec: maxItems: 16 type: array paths: + description: Paths list all actual paths of HTTPRoute. items: + description: HTTPPathMatch describes how to select a HTTP route + by matching the HTTP request path. properties: type: default: PathPrefix + description: "Type specifies how to match against the path + Value. \n Support: Core (Exact, PathPrefix) \n Support: + Custom (RegularExpression)" enum: - Exact - PathPrefix @@ -4065,6 +9070,7 @@ spec: type: string value: default: / + description: Value of the HTTP path to match against. maxLength: 1024 type: string type: object @@ -4085,23 +9091,39 @@ spec: type: string type: object sources: + description: Sources holds the results emitted from the step definition + of different sources items: + description: SourceResult holds the results emitted from the different + sources properties: bundle: + description: Bundle holds the results emitted from from the step + definition of bundle source properties: digest: + description: Digest hold the image digest result type: string type: object git: + description: Git holds the results emitted from from the step + definition of a git source properties: branchName: + description: BranchName holds the default branch name of the + git source this will be set only when revision is not specified + in Build object type: string commitAuthor: + description: CommitAuthor holds the commit author of a git + source type: string commitSha: + description: CommitSha holds the commit sha of git source type: string type: object name: + description: Name is the name of source type: string required: - name 
@@ -4135,96 +9157,162 @@ spec: name: v1beta2 schema: openAPIV3Schema: + description: Function is the Schema for the functions API properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: FunctionSpec defines the desired state of Function properties: build: + description: Information needed to build a function. The build step + will be skipped if Build is nil. properties: builder: + description: Builder refers to the image containing the build tools + to build the source code. type: string builderCredentials: + description: BuilderCredentials references a Secret that contains + credentials to access the builder image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic builderMaxAge: + description: The duration to retain a completed builder, defaults + to 0 (forever). type: string dockerfile: + description: Dockerfile is the path to the Dockerfile used by build + strategies that rely on the Dockerfile to build an image. type: string env: additionalProperties: type: string + description: Environment variables to pass to the builder. 
type: object failedBuildsHistoryLimit: + description: The number of failed builds to retain, default is 1. format: int32 type: integer shipwright: + description: The configuration for the `Shipwright` build engine. properties: params: + description: 'Params is a list of key/value that could be used + to set strategy parameters. When using _params_, users should + avoid: Defining a parameter name that doesn''t match one of + the `spec.parameters` defined in the `BuildStrategy`. Defining + a parameter name that collides with the Shipwright reserved + parameters including BUILDER_IMAGE,DOCKERFILE,CONTEXT_DIR + and any name starting with shp-.' items: + description: ParamValue is a key/value that populates a strategy + parameter used in the execution of the strategy steps properties: configMapValue: + description: The ConfigMap value of the parameter properties: format: + description: An optional format to add pre- or suffix + to the object value. For example 'KEY=${SECRET_VALUE}' + or 'KEY=${CONFIGMAP_VALUE}' depending on the context. type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object name: + description: Name of the parameter type: string secretValue: + description: The secret value of the parameter properties: format: + description: An optional format to add pre- or suffix + to the object value. For example 'KEY=${SECRET_VALUE}' + or 'KEY=${CONFIGMAP_VALUE}' depending on the context. 
type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object value: + description: The value of the parameter type: string values: + description: Values of an array parameter items: + description: SingleValue is the value type contains + the properties for a value, this allows for an easy + extension in the future to support more kinds properties: configMapValue: + description: The ConfigMap value of the parameter properties: format: + description: An optional format to add pre- + or suffix to the object value. For example + 'KEY=${SECRET_VALUE}' or 'KEY=${CONFIGMAP_VALUE}' + depending on the context. type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object secretValue: + description: The secret value of the parameter properties: format: + description: An optional format to add pre- + or suffix to the object value. For example + 'KEY=${SECRET_VALUE}' or 'KEY=${CONFIGMAP_VALUE}' + depending on the context. type: string key: + description: Key inside the object type: string name: + description: Name of the object type: string required: - key - name type: object value: + description: The value of the parameter type: string type: object type: array 
@@ -4233,62 +9321,97 @@ spec: type: object type: array strategy: + description: Strategy references the BuildStrategy to use to + build the image. properties: kind: + description: BuildStrategyKind indicates the kind of the + build strategy BuildStrategy or ClusterBuildStrategy, + default to BuildStrategy. type: string name: + description: 'Name of the referent; More info: http://kubernetes.io/docs/user-guide/identifiers#names' type: string required: - name type: object timeout: + description: Timeout defines the maximum amount of time the + Build should take to execute. format: duration type: string type: object srcRepo: + description: Function Source code repository properties: bundleContainer: + description: BundleContainer properties: image: + description: Image reference, i.e. quay.io/org/image:tag type: string required: - image type: object credentials: + description: Credentials references a Secret that contains credentials + to access the repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic revision: + description: Git revision to check out (branch, tag, sha, ref…) + (default:"") type: string sourceSubPath: + description: A subpath within the `source` input where the source + to build is located. type: string url: + description: Git url to clone type: string type: object successfulBuildsHistoryLimit: + description: The number of successful builds to retain, default + is 0. format: int32 type: integer timeout: + description: Timeout defines the maximum amount of time the Build + should take to execute. type: string required: - srcRepo type: object image: + description: Function image name type: string imageCredentials: + description: ImageCredentials references a Secret that contains credentials + to access the image repository. 
properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic serving: + description: Information needed to run a function. The serving step + will be skipped if `Serving` is nil. properties: annotations: additionalProperties: type: string + description: Annotations that will be added to the workload. type: object bindings: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -4296,10 +9419,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret + holding the value for the metadata item. Name is the + secret name, and key is the field in the secret. properties: key: type: string @@ -4310,7 +9437,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct + for the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name @@ -4325,8 +9453,11 @@ spec: - type - version type: object + description: Configurations of dapr bindings components. type: object hooks: + description: Hooks define the hooks that will execute before or + after function execution. properties: policy: type: string @@ -4342,8 +9473,12 @@ spec: labels: additionalProperties: type: string + description: Parameters of asyncFunc runtime, must not be nil when + runtime is OpenFuncAsync. type: object outputs: + description: Function outputs from Dapr components including binding, + pubsub items: properties: dapr: 
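Review bot: In the hunk at `@@ -4310,7 +9437,8 @@`, the new description for the binding metadata `value` does not say that whatever is put there is stored inline in the Function object, while the sibling `secretKeyRef` (described in the previous hunk) exists for values that live in a Secret. `value` has no `type` and keeps `x-kubernetes-preserve-unknown-fields: true`, so any content is accepted and is readable by anyone who can read Function objects. I would extend the description with a sentence such as `Use secretKeyRef instead for credentials or other sensitive values.` The pubsub copy of this schema in hunk `@@ -4394,7 +9547,8 @@` needs the same wording. If the file is generated, the sentence belongs in the doc comment of the Go type rather than in this YAML.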
@@ -4351,16 +9486,26 @@ spec: metadata: additionalProperties: type: string + description: Metadata is the metadata for dapr Com. type: object name: + description: The name of the dapr component, the component + can be defined in the `bindings`, `pubsub`, or `states`, + or an existing component. type: string operation: + description: Operation field tells the Dapr component + which operation it should perform. type: string outputName: + description: 'Deprecated: Only for compatibility with + v1beta1' type: string topic: type: string type: + description: Type is the type of the component, if it + is not set, controller will get it automatically. type: string required: - name @@ -4370,9 +9515,13 @@ spec: params: additionalProperties: type: string + description: Parameters to pass to the serving. All parameters will + be injected into the pod as environment variables. Function code + can use these parameters by getting environment variables type: object pubsub: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -4380,10 +9529,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret + holding the value for the metadata item. Name is the + secret name, and key is the field in the secret. properties: key: type: string @@ -4394,7 +9547,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct + for the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
@@ -4409,11 +9563,25 @@ spec: - type - version type: object + description: Configurations of dapr pubsub components. type: object scaleOptions: + description: The ScaleOptions will help us to set up guidelines + for the autoscaling of function workloads. properties: keda: properties: + httpScaledObject: + properties: + cooldownPeriod: + description: Cooldown period value + format: int32 + type: integer + targetPendingRequests: + description: Target metric value + format: int32 + type: integer + type: object scaledJob: properties: failedJobsHistoryLimit: @@ -4423,14 +9591,20 @@ spec: format: int32 type: integer restartPolicy: + description: Restart policy for all containers within + the pod. One of 'OnFailure', 'Never'. Default to 'Never'. type: string scalingStrategy: + description: ScalingStrategy defines the strategy of + Scaling properties: customScalingQueueLengthDeduction: format: int32 type: integer customScalingRunningJobPercentage: type: string + multipleScalersCalculation: + type: string pendingPodConditions: items: type: string 
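Review bot: The new `httpScaledObject` properties `cooldownPeriod` and `targetPendingRequests` (hunk at -4409) are `int32` with no lower bound, so a negative value passes schema validation and is caught, if at all, only by whatever consumes it. Adding `minimum: 0` to `cooldownPeriod` and `minimum: 1` to `targetPendingRequests` would reject such input at admission; the exact bounds are my assumption and should be checked against what the scaler accepts. If the CRD is generated with controller-gen, the equivalent is a `+kubebuilder:validation:Minimum=` marker on the Go field. The descriptions `Cooldown period value` and `Target metric value` also omit the unit and the default.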
@@ -4445,22 +9619,56 @@ spec: scaledObject: properties: advanced: + description: AdvancedConfig specifies advance scaling + options properties: horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies + horizontal scale config properties: behavior: + description: HorizontalPodAutoscalerBehavior + configures the scaling behavior of the target + in both Up and Down directions (scaleUp and + scaleDown fields respectively). properties: scaleDown: + description: scaleDown is scaling policy + for scaling Down. If not set, the default + value is to allow to scale down to minReplicas + pods, with a 300 second stabilization + window (i.e., the highest recommendation + for the last 300sec is used). properties: policies: + description: policies is a list of potential + scaling polices which can be used + during scaling. At least one policy + must be specified, otherwise the HPAScalingRules + will be discarded as invalid items: + description: HPAScalingPolicy is a + single policy which must hold true + for a specified past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which + the policy should hold true. + PeriodSeconds must be greater + than zero and less than or equal + to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the + amount of change which is permitted + by the policy. It must be greater + than zero format: int32 type: integer required: 
@@ -4469,23 +9677,66 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to + specify which policy should be used. + If not set, the default value Max + is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which + past recommendations should be considered + while scaling up or scaling down. + StabilizationWindowSeconds must be + greater than or equal to zero and + less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object scaleUp: + description: 'scaleUp is scaling policy + for scaling Up. If not set, the default + value is the higher of: * increase no + more than 4 pods per 60 seconds * double + the number of pods per 60 seconds No stabilization + is used.' properties: policies: + description: policies is a list of potential + scaling polices which can be used + during scaling. At least one policy + must be specified, otherwise the HPAScalingRules + will be discarded as invalid items: + description: HPAScalingPolicy is a + single policy which must hold true + for a specified past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which + the policy should hold true. + PeriodSeconds must be greater + than zero and less than or equal + to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the + amount of change which is permitted + by the policy. It must be greater + than zero format: int32 type: integer required: 
@@ -4494,13 +9745,32 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to + specify which policy should be used. + If not set, the default value Max + is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which + past recommendations should be considered + while scaling up or scaling down. + StabilizationWindowSeconds must be + greater than or equal to zero and + less than or equal to 3600 (one hour). + If not set, use the default values: + - For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object type: object + name: + type: string type: object restoreToOriginalReplicaCount: type: boolean 
@@ -4508,33 +9778,61 @@ spec: cooldownPeriod: format: int32 type: integer + fallback: + description: Fallback is the spec for fallback options + properties: + failureThreshold: + format: int32 + type: integer + replicas: + format: int32 + type: integer + required: + - failureThreshold + - replicas + type: object pollingInterval: format: int32 type: integer type: object triggers: + description: Triggers are used to specify the trigger sources + of the function. The Keda (ScaledObject, ScaledJob) configuration + in ScaleOptions cannot take effect without Triggers being + set. items: + description: ScaleTriggers reference the scaler that will + be used properties: authenticationRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used + to authenticate the scaler with the environment properties: kind: + description: Kind of the resource being referred + to. Defaults to TriggerAuthentication. type: string name: type: string required: - name type: object - fallback: - format: int32 - type: integer metadata: additionalProperties: type: string type: object + metricType: + description: MetricTargetType specifies the type of + metric being targeted, and should be either "Value", + "AverageValue", or "Utilization" + type: string name: type: string type: type: string + useCachedMetrics: + type: boolean required: - metadata - type @@ -4544,6 +9842,8 @@ spec: knative: additionalProperties: type: string + description: Refer to https://knative.dev/docs/serving/autoscaling/ + to learn more about the autoscaling options of Knative Serving. type: object maxReplicas: format: int32 @@ -4556,6 +9856,7 @@ spec: additionalProperties: properties: spec: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean 
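Review bot: Nothing in the schema points users from the integer `fallback` removed from trigger items to the new object `fallback` (required `failureThreshold` and `replicas`) added next to `cooldownPeriod` and `pollingInterval` in the hunk at -4508. Manifests that still set `fallback` on a trigger would presumably have the field pruned or rejected as unknown, since the item schema shows no preserve-unknown-fields marker. That deserves a line in the description, e.g. `description: Fallback is the spec for fallback options. Replaces the former integer fallback on trigger items.` The two new integers also carry no description or `minimum`. The enclosing mappings start before this hunk, so the nesting is inferred from the neighbouring keys.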
@@ -4563,10 +9864,16 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a + metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret + holding the value for the metadata item. Name + is the secret name, and key is the field in the + secret. properties: key: type: string @@ -4577,7 +9884,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct + for the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
@@ -4593,29 +9901,81 @@ spec: - version type: object type: object + description: Configurations of dapr state components. It can refer + to an existing state when the `state.spec` is nil. type: object template: + description: Template describes the pods that will be created. The + container named `function` is the container which is used to run + the image built by the builder. If it is not set, the controller + will automatically add one. properties: activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will actively + try to mark it failed and kill associated containers. Value + must be a positive integer. format: int64 type: integer affinity: + description: If specified, the pod's scheduling constraints properties: nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a + no-op). A null preferred scheduling term matches + no objects (i.e. is also a no-op). properties: preference: + description: A node selector term, associated + with the corresponding weight. 
properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array @@ -4625,13 +9985,35 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4641,7 +10023,11 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range + 1-100. format: int32 type: integer required: @@ -4650,18 +10036,53 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an + update), the system may or may not try to eventually + evict the pod from its node. properties: nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. items: + description: A null or empty node selector term + matches no objects. The requirements of them + are ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4671,13 +10092,35 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: The label key that the + selector applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. If + the operator is Gt or Lt, the values + array must have a single element, + which will be interpreted as an integer. + This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4687,28 +10130,73 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the + corresponding podAffinityTerm; the node(s) with the + highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. 
type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -4720,18 +10208,54 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4743,18 +10267,44 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. format: int32 type: integer required: 
@@ -4763,18 +10313,57 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4786,18 +10375,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4809,13 +10432,35 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey 
@@ -4823,22 +10468,65 @@ spec: type: array type: object podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node + that violates one or more of the expressions. The + node that is most preferred is the one with the greatest + sum of weights, i.e. for each node that meets all + of the scheduling requirements (resource request, + requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the + node has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. 
If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -4850,18 +10538,54 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of + namespaces that the term applies to. The + term is applied to the union of the namespaces + selected by this field and the ones listed + in the namespaces field. null selector and + null or empty namespaces list means "this + pod's namespace". An empty selector ({}) + matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4873,18 +10597,44 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static + list of namespace names that the term applies + to. The term is applied to the union of + the namespaces listed in this field and + the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located + (affinity) or not co-located (anti-affinity) + with the pods matching the labelSelector + in the specified namespaces, where co-located + is defined as running on a node whose value + of the label with key topologyKey matches + that of any node on which any of the selected + pods is running. Empty topologyKey is not + allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range + 1-100. format: int32 type: integer required: 
@@ -4893,18 +10643,57 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the + pod will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a + pod label update), the system may or may not try to + eventually evict the pod from its node. When there + are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all + terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or + not co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any + node on which a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4916,18 +10705,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4939,13 +10762,35 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey 
@@ -4954,124 +10799,279 @@ spec: type: object type: object automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether + a service account token should be automatically mounted. type: boolean containers: + description: List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at least + one container in a Pod. Cannot be updated. items: + description: A single application container that you want + to run within a pod. properties: args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a + shell. The container image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the + container. Cannot be updated. items: + description: EnvVar represents an environment variable + present in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' type: string valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the + pod's namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. 
Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. items: + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret must + be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. properties: postStart: + description: 'PostStart is called immediately after + a container is created. 
If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5079,49 +11079,102 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The Pod''s termination grace period countdown + begins before the PreStop hook is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other + management of the container blocks until the hook + completes or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5129,25 +11182,43 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -5155,37 +11226,74 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5193,62 +11301,131 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on the + default "0.0.0.0" address inside a container will be + accessible from the network. Modifying this array with + strategic merge patch may corrupt the data. For more + information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port + in a single container. properties: containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -5259,37 +11436,74 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5297,47 +11511,112 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -5345,6 +11624,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -5353,101 +11634,270 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields of + PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that + this field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to + the container. 
If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: + description: Level is SELinux level label that + applies to the container. type: string role: + description: Role is a SELinux role label that + applies to the container. type: string type: + description: Type is a SELinux type label that + applies to the container. type: string user: + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod + & container level, the container options override + the pod options. Note that this field cannot be + set when spec.os.name is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file on + the node should be used. RuntimeDefault - the + container runtime default profile should be + used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If this + probe fails, the Pod will be restarted, just as if the + livenessProbe failed. This can be used to provide different + probe parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data or warm + a cache, than during steady-state operation. This cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5455,61 +11905,143 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. 
The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. items: + description: volumeDevice describes a mapping of a raw + block device within a container. properties: devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -5517,19 +12049,43 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. type: boolean subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -5537,152 +12093,343 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. type: string required: - name type: object type: array dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters + specified here will be merged to the generated DNS configuration + based on DNSPolicy. properties: nameservers: + description: A list of DNS name server IP addresses. This + will be appended to the base nameservers generated from + DNSPolicy. Duplicated nameservers will be removed. items: type: string type: array options: + description: A list of DNS resolver options. This will be + merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options + given in Options will override those that appear in the + base DNSPolicy. items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. properties: name: + description: Required. type: string value: type: string type: object type: array searches: + description: A list of DNS search domains for host-name + lookup. This will be appended to the base search paths + generated from DNSPolicy. Duplicated search paths will + be removed. items: type: string type: array type: object dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', + 'Default' or 'None'. DNS parameters given in DNSConfig will + be merged with the policy selected with DNSPolicy. To have + DNS options set along with hostNetwork, you have to specify + DNS policy explicitly to 'ClusterFirstWithHostNet'. type: string enableServiceLinks: + description: 'EnableServiceLinks indicates whether information + about services should be injected into pod''s environment + variables, matching the syntax of Docker links. 
Optional: + Defaults to true.' type: boolean ephemeralContainers: + description: List of ephemeral containers run in this pod. Ephemeral + containers may be run in an existing pod to perform user-initiated + actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the + pod spec. In order to add an ephemeral container to an existing + pod, use the pod's ephemeralcontainers subresource. items: + description: "An EphemeralContainer is a temporary container + that you may add to an existing Pod for user-initiated activities + such as debugging. Ephemeral containers have no resource + or scheduling guarantees, and they will not be restarted + when they exit or when a Pod is removed or restarted. The + kubelet may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To add an + ephemeral container, use the ephemeralcontainers subresource + of an existing Pod. Ephemeral containers may not be removed + or restarted." properties: args: + description: 'Arguments to the entrypoint. The image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a + shell. The image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded + using the container''s environment. 
If a variable cannot + be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of whether + the variable exists or not. Cannot be updated. More + info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the + container. Cannot be updated. items: + description: EnvVar represents an environment variable + present in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' type: string valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the + pod's namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. items: + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret must + be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. 
Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Lifecycle is not allowed for ephemeral containers. properties: postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5690,49 +12437,102 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The Pod''s termination grace period countdown + begins before the PreStop hook is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other + management of the container blocks until the hook + completes or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5740,25 +12540,43 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -5766,37 +12584,72 @@ spec: type: object type: object livenessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5804,62 +12657,124 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the ephemeral container specified + as a DNS_LABEL. This name must be unique among all containers, + init containers and ephemeral containers. type: string ports: + description: Ports are not allowed for ephemeral containers. items: + description: ContainerPort represents a network port + in a single container. properties: containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -5870,37 +12785,72 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5908,47 +12858,113 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: Resources are not allowed for ephemeral containers. + Ephemeral containers use spare resources already allocated + to the pod. properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -5956,6 +12972,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -5964,101 +12982,262 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'Optional: SecurityContext defines the security + options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent + fields of PodSecurityContext.' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is windows. 
type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to + the container. If unspecified, the container runtime + will allocate a random SELinux context for each + container. 
May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: + description: Level is SELinux level label that + applies to the container. type: string role: + description: Role is a SELinux role label that + applies to the container. type: string type: + description: Type is a SELinux type label that + applies to the container. type: string user: + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod + & container level, the container options override + the pod options. Note that this field cannot be + set when spec.os.name is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file on + the node should be used. RuntimeDefault - the + container runtime default profile should be + used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. 
properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. type: string type: object type: object startupProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. 
items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -6066,63 +13245,153 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean targetContainerName: + description: "If set, the name of the container from PodSpec + that this ephemeral container targets. The ephemeral + container will be run in the namespaces (IPC, PID, etc) + of this container. If not set then the ephemeral container + uses the namespaces configured in the Pod spec. \n The + container runtime must implement support for this feature. 
+ If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. items: + description: volumeDevice describes a mapping of a raw + block device within a container. properties: devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -6130,19 +13399,44 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Subpath mounts are not allowed for ephemeral + containers. Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. type: boolean subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -6150,154 +13444,362 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. type: string required: - name type: object type: array hostAliases: + description: HostAliases is an optional list of hosts and IPs + that will be injected into the pod's hosts file if specified. + This is only valid for non-hostNetwork pods. items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. properties: hostnames: + description: Hostnames for the above IP address. items: type: string type: array ip: + description: IP address of the host file entry. type: string type: object type: array hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default + to false.' type: boolean hostNetwork: + description: Host networking requested for this pod. Use the + host's network namespace. If this option is set, the ports + that will be used must be specified. Default to false. type: boolean hostPID: + description: 'Use the host''s pid namespace. Optional: Default + to false.' + type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: Default + to true. If set to true or not present, the pod will be run + in the host user namespace, useful for when the pod needs + a feature only available to the host user namespace, such + as loading a kernel module with CAP_SYS_MODULE. When set to + false, a new userns is created for the pod. Setting false + is useful for mitigating container breakout vulnerabilities + even allowing users to run their containers as root without + actually having root privileges on the host. This field is + alpha-level and is only honored by servers that enable the + UserNamespacesSupport feature.' 
type: boolean hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. type: string imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of + the images used by this PodSpec. If specified, these secrets + will be passed to individual puller implementations for them + to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same + namespace. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: + description: 'List of initialization containers belonging to + the pod. Init containers are executed in order prior to containers + being started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be + unique among all containers. Init containers may not have + Lifecycle actions, Readiness probes, Liveness probes, or Startup + probes. The resourceRequirements of an init container are + taken into account during scheduling by finding the highest + request/limit for each resource type, and then using the max + of of that value or the sum of the normal containers. Limits + are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be + updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: + description: A single application container that you want + to run within a pod. 
properties: args: + description: 'Arguments to the entrypoint. The container + image''s CMD is used if this is not provided. Variable + references $(VAR_NAME) are expanded using the container''s + environment. If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a + shell. The container image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If + a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the + container. Cannot be updated. items: + description: EnvVar represents an environment variable + present in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. 
If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults + to "".' type: string valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the + pod's namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret + or its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported + as an event when the container is starting. When a key + exists in multiple sources, the value associated with + the last source will take precedence. Values defined + by an Env with a duplicate key will take precedence. + Cannot be updated. items: + description: EnvFromSource represents the source of + a set of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to + each key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret must + be defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config + management to default or override container images in + workload controllers like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, + IfNotPresent. Defaults to Always if :latest tag is specified, + or IfNotPresent otherwise. Cannot be updated. More info: + https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should + take in response to container lifecycle events. Cannot + be updated. properties: postStart: + description: 'PostStart is called immediately after + a container is created. If the handler fails, the + container is terminated and restarted according + to its restart policy. Other management of the container + blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -6305,49 +13807,102 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before + a container is terminated due to an API request + or management event such as liveness/startup probe + failure, preemption, resource contention, etc. The + handler is not called if the container crashes or + exits. The Pod''s termination grace period countdown + begins before the PreStop hook is executed. Regardless + of the outcome of the handler, the container will + eventually terminate within the Pod''s termination + grace period (unless delayed by finalizers). Other + management of the container blocks until the hook + completes or until the termination grace period + is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to + execute inside the container, the working + directory for the command is root ('/') + in the container's filesystem. The command + is simply exec'd, it is not run inside a + shell, so traditional shell instructions + ('|', etc) won't work. To use a shell, you + need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request + to perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set + "Host" in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the + request. HTTP allows repeated headers. items: + description: HTTPHeader describes a custom + header to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -6355,25 +13910,43 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting + to the host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this + field and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: + description: 'Optional: Host name to connect + to, defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to + access on the container. Number must be + in the range 1 to 65535. Name must be an + IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -6381,37 +13954,74 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -6419,62 +14029,131 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. + Not specifying a port here DOES NOT prevent that port + from being exposed. Any port which is listening on the + default "0.0.0.0" address inside a container will be + accessible from the network. Modifying this array with + strategic merge patch may corrupt the data. For more + information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port + in a single container. properties: containerPort: + description: Number of port to expose on the pod's + IP address. This must be a valid port number, + 0 < x < 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. + If specified, this must be a valid port number, + 0 < x < 65536. If HostNetwork is specified, this + must match ContainerPort. Most containers do not + need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in + a pod must have a unique name. Name for the port + that can be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, + or SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -6485,37 +14164,74 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if + the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -6523,47 +14239,112 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are used by + this container. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. + \n This field is immutable." + items: + description: ResourceClaim references one entry + in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one + entry in pod.spec.resourceClaims of the Pod + where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -6571,6 +14352,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount + of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -6579,101 +14362,270 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields + of SecurityContext override the equivalent fields of + PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as + Privileged 2) has CAP_SYS_ADMIN Note that this field + cannot be set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this + field cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that + this field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field + cannot be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the + container process. Uses runtime default if unset. + May also be set in PodSecurityContext. If set in + both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run + as a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not + run as UID 0 (root) and fail to start the container + if it does. If unset or false, no such validation + will be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the + container process. Defaults to user specified in + image metadata if unspecified. May also be set in + PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be + set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to + the container. 
If unspecified, the container runtime + will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. properties: level: + description: Level is SELinux level label that + applies to the container. type: string role: + description: Role is a SELinux role label that + applies to the container. type: string type: + description: Type is a SELinux type label that + applies to the container. type: string user: + description: User is a SELinux user label that + applies to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod + & container level, the container options override + the pod options. Note that this field cannot be + set when spec.os.name is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative + to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: + \n Localhost - a profile defined in a file on + the node should be used. RuntimeDefault - the + container runtime default profile should be + used. Unconfined - no profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied + to all containers. If unspecified, the options from + the PodSecurityContext will be used. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. 
Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential + spec named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes + precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has + successfully initialized. If specified, no other probes + are executed until this completes successfully. If this + probe fails, the Pod will be restarted, just as if the + livenessProbe failed. This can be used to provide different + probe parameters at the beginning of a Pod''s lifecycle, + when it might take a long time to load data or warm + a cache, than during steady-state operation. This cannot + be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the + probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a + GRPC port. This is a beta field and requires enabling + GRPCContainerProbe feature gate. properties: port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service + to place in the gRPC HealthCheckRequest (see + https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -6681,61 +14633,143 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container + has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the + probe. Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the + probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. + Minimum value is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving + a TCP port. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod + needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after + the processes running in the pod are sent a termination + signal and the time when the processes are forcibly + halted with a kill signal. Set this value longer + than the expected cleanup time for your process. 
+ If this value is nil, the pod's terminationGracePeriodSeconds + will be used. Otherwise, this value overrides the + value provided by the pod spec. Value must be non-negative + integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod + feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is + 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a + buffer for stdin in the container runtime. If this is + not set, reads from stdin in the container will always + result in EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close + the stdin channel after it has been opened by a single + attach. When stdin is true the stdin stream will remain + open across multiple attach sessions. If stdinOnce is + set to true, stdin is opened on container start, is + empty until the first client attaches to stdin, and + then remains open and accepts data until the client + disconnects, at which time stdin is closed and remains + closed until the container is restarted. If this flag + is false, a container processes that reads from stdin + will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which + the container''s termination message will be written + is mounted into the container''s filesystem. Message + written is intended to be brief final status, such as + an assertion failure message. Will be truncated by the + node if greater than 4096 bytes. 
The total message length + across all containers will be limited to 12kb. Defaults + to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should + be populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last + chunk of container log output if the termination message + file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, + whichever is smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a + TTY for itself, also requires 'stdin' to be true. Default + is false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices + to be used by the container. items: + description: volumeDevice describes a mapping of a raw + block device within a container. properties: devicePath: + description: devicePath is the path inside of the + container that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -6743,19 +14777,43 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's + filesystem. Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which + the volume should be mounted. Must not contain + ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and + the other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write + otherwise (false or unspecified). Defaults to + false. type: boolean subPath: + description: Path within the volume from which the + container's volume should be mounted. Defaults + to "" (volume's root). type: string subPathExpr: + description: Expanded path within the volume from + which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable + references $(VAR_NAME) are expanded using the + container's environment. Defaults to "" (volume's + root). SubPathExpr and SubPath are mutually exclusive. type: string required: - mountPath 
@@ -6763,21 +14821,54 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which + might be configured in the container image. Cannot be + updated. type: string required: - name type: object type: array nodeName: + description: NodeName is a request to schedule this pod onto + a specific node. If it is non-empty, the scheduler simply + schedules this pod onto that node, assuming that it fits resource + requirements. type: string nodeSelector: additionalProperties: type: string + description: 'NodeSelector is a selector which must be true + for the pod to fit on a node. Selector which must match a + node''s labels for the pod to be scheduled on that node. More + info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic os: + description: "Specifies the OS of the containers in the pod. + Some pod and container fields are restricted if this is set. 
+ \n If the OS field is set to linux, the following fields must + be unset: -securityContext.windowsOptions \n If the OS field + is set to windows, following fields must be unset: - spec.hostPID + - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup" properties: name: + description: 'Name is the name of the operating system. + The currently supported values are linux and windows. + Additional value may be defined in future and can be one + of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and + treat unrecognized values in this field as os: null' type: string required: - name 
@@ -6789,75 +14880,282 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field will + be autopopulated at admission time by the RuntimeClass admission + controller. If the RuntimeClass admission controller is enabled, + overhead must not be set in Pod create requests. The RuntimeClass + admission controller will reject Pod create requests which + have the overhead already set. If RuntimeClass is configured + and selected in the PodSpec, Overhead will be set to the value + defined in the corresponding RuntimeClass, otherwise it will + remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods + with lower priority. One of Never, PreemptLowerPriority. Defaults + to PreemptLowerPriority if unset. type: string priority: + description: The priority value. Various system components use + this field to find the priority of the pod. When Priority + Admission Controller is enabled, it prevents users from setting + this field. The admission controller populates this field + from PriorityClassName. The higher the value, the higher the + priority. format: int32 type: integer priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which + indicate the highest priorities with the former being the + highest priority. Any other name must be defined by creating + a PriorityClass object with that name. If not specified, the + pod priority will be default or zero if there is no default. 
type: string readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers + are ready AND all conditions specified in the readiness gates + have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: + description: PodReadinessGate contains the reference to a + pod condition properties: conditionType: + description: ConditionType refers to a condition in the + pod's condition list with matching type. type: string required: - conditionType type: object type: array + resourceClaims: + description: "ResourceClaims defines which ResourceClaims must + be allocated and reserved before the Pod is allowed to start. + The resources will be made available to those containers which + consume them by name. \n This is an alpha field and requires + enabling the DynamicResourceAllocation feature gate. \n This + field is immutable." + items: + description: PodResourceClaim references exactly one ResourceClaim + through a ClaimSource. It adds a name to it that uniquely + identifies the ResourceClaim inside the Pod. Containers + that need access to the ResourceClaim reference it with + this name. + properties: + name: + description: Name uniquely identifies this resource claim + inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name of a ResourceClaim + object in the same namespace as this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name + of a ResourceClaimTemplate object in the same namespace + as this pod. \n The template will be used to create + a new ResourceClaim, which will be bound to this + pod. When this pod is deleted, the ResourceClaim + will also be deleted. 
The name of the ResourceClaim + will be -, where is the PodResourceClaim.Name. Pod validation + will reject the pod if the concatenated name is + not valid for a ResourceClaim (e.g. too long). \n + An existing ResourceClaim with that name that is + not owned by the pod will not be used for the pod + to avoid using an unrelated resource by mistake. + Scheduling and pod startup are then blocked until + the unrelated ResourceClaim is removed. \n This + field is immutable and no changes will be made to + the corresponding ResourceClaim by the control plane + after creating the ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: + description: 'Restart policy for all containers within the pod. + One of Always, OnFailure, Never. Default to Always. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' type: string runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object + in the node.k8s.io group, which should be used to run this + pod. If no RuntimeClass resource matches the named class, + the pod will not be run. If unset or empty, the "legacy" RuntimeClass + will be used, which is an implicit class with an empty definition + that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched by + default scheduler. type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values that + if specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + \n This is an alpha-level feature enabled by PodSchedulingReadiness + feature gate." 
+ items: + description: PodSchedulingGate is associated to a Pod to guard + its scheduling. + properties: + name: + description: Name of the scheduling gate. Each scheduling + gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' properties: fsGroup: + description: "A special supplemental group that applies + to all containers in a pod. Some volume types allow the + Kubelet to change the ownership of that volume to be owned + by the pod: \n 1. The owning GID will be the FSGroup 2. + The setgid bit is set (new files created in the volume + will be owned by FSGroup) 3. The permission bits are OR'd + with rw-rw---- \n If unset, the Kubelet will not modify + the ownership and permissions of any volume. Note that + this field cannot be set when spec.os.name is windows." format: int64 type: integer fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types + which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such + as: secret, configmaps and emptydir. Valid values are + "OnRootMismatch" and "Always". If not specified, "Always" + is used. Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set + in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. 
Note that this field + cannot be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a + non-root user. If true, the Kubelet will validate the + image at runtime to ensure that it does not run as UID + 0 (root) and fail to start the container if it does. If + unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence for + that container. Note that this field cannot be set when + spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a + random SELinux context for each container. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when spec.os.name + is windows. 
properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile + must be preconfigured on the node to work. Must be + a descending path, relative to the kubelet's configured + seccomp profile location. Must only be set if type + is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - + a profile defined in a file on the node should be + used. RuntimeDefault - the container runtime default + profile should be used. Unconfined - no profile should + be applied." type: string required: - type type: object supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container + process. If unspecified, no additional groups are added + to any container. Note that group memberships defined + in the container image for the uid of the container process + are still effective, even if they are not included in + this list. Note that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer type: array sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. items: + description: Sysctl defines a kernel parameter to be set properties: name: + description: Name of a property to set type: string value: + description: Value of a property to set type: string required: - name 
@@ -6865,59 +15163,172 @@ spec: type: object type: array windowsOptions: + description: The Windows specific settings applied to all + containers. If unspecified, the options within a container's + SecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set when + spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the + GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is + alpha-level and will only be honored by components + that enable the WindowsHostProcessContainers feature + flag. Setting this field without the feature flag + will result in errors when validating the Pod. All + of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias + for ServiceAccountName. Deprecated: Use serviceAccountName + instead.' 
type: string serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string setHostnameAsFQDN: + description: If true the pod's hostname will be configured as + the pod's FQDN, rather than the leaf name (the default). In + Linux containers, this means setting the FQDN in the hostname + field of the kernel (the nodename field of struct utsname). + In Windows containers, this means setting the registry value + of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. + Default to false. type: boolean shareProcessNamespace: + description: 'Share a single process namespace between all of + the containers in a pod. When this is set containers will + be able to view and signal processes from other containers + in the same pod, and the first process in each container will + not be assigned PID 1. HostPID and ShareProcessNamespace cannot + both be set. Optional: Default to false.' type: boolean subdomain: + description: If specified, the fully qualified Pod hostname + will be "...svc.". If not specified, the pod will not have a domainname + at all. type: string terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate + gracefully. May be decreased in delete request. Value must + be non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). If this + value is nil, the default grace period will be used instead. + The grace period is the duration in seconds after the processes + running in the pod are sent a termination signal and the time + when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your + process. Defaults to 30 seconds. 
format: int64 type: integer tolerations: + description: If specified, the pod's tolerations. items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . properties: effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. type: string key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. type: string operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. type: string tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group + of pods ought to spread across topology domains. Scheduler + will schedule pods in a way which abides by the constraints. + All topologySpreadConstraints are ANDed. items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. properties: labelSelector: + description: LabelSelector is used to find matching pods. 
+ Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. properties: matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: + description: key is the label key that the selector + applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator is + Exists or DoesNotExist, the values array must + be empty. This array is replaced during a + strategic merge patch. items: type: string type: array 
@@ -6929,14 +15340,131 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys + to select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming + pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A + null or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. The global minimum is the minimum number of + matching pods in an eligible domain or zero if the number + of eligible domains is less than MinDomains. For example, + in a 3-zone cluster, MaxSkew is set to 1, and pods with + the same labelSelector spread as 2/2/1: In this case, + the global minimum is 1. | zone1 | zone2 | zone3 | | P + P | P P | P | - if MaxSkew is 1, incoming pod + can only be scheduled to zone3 to become 2/2/2; scheduling + it onto zone1(zone2) would make the ActualSkew(3-1) + on zone1(zone2) violate MaxSkew(1). - if MaxSkew is + 2, incoming pod can be scheduled onto any zone. When + `whenUnsatisfiable=ScheduleAnyway`, it is used to give + higher precedence to topologies that satisfy it. It''s + a required field. 
Default value is 1 and 0 is not allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number of + eligible domains. When the number of eligible domains + with matching topology keys is less than minDomains, + Pod Topology Spread treats \"global minimum\" as 0, + and then the calculation of Skew is performed. And when + the number of eligible domains with matching topology + keys equals or greater than minDomains, this value has + no effect on scheduling. As a result, when the number + of eligible domains is less than minDomains, scheduler + won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains + is equal to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable must be + DoNotSchedule. \n For example, in a 3-zone cluster, + MaxSkew is set to 2, MinDomains is set to 5 and pods + with the same labelSelector spread as 2/2/2: | zone1 + | zone2 | zone3 | | P P | P P | P P | The number + of domains is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod with the + same labelSelector cannot be scheduled, because computed + skew will be 3(3 - 0) if new Pod is scheduled to any + of the three zones, it will violate MaxSkew. \n This + is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will + treat Pod's nodeAffinity/nodeSelector when calculating + pod topology spread skew. Options are: - Honor: only + nodes matching nodeAffinity/nodeSelector are included + in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent + to the Honor policy. 
This is a beta-level feature default + enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. + Options are: - Honor: nodes without taints, along with + tainted nodes for which the incoming pod has a toleration, + are included. - Ignore: node taints are ignored. All + nodes are included. \n If this value is nil, the behavior + is equivalent to the Ignore policy. This is a beta-level + feature default enabled by the NodeInclusionPolicyInPodTopologySpread + feature flag." + type: string topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values + are considered to be in the same topology. We consider + each as a "bucket", and try to put balanced + number of pods into each bucket. We define a domain + as a particular instance of a topology. Also, we define + an eligible domain as a domain whose nodes meet the + requirements of nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each + Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. type: string whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal + with a pod if it doesn''t satisfy the spread constraint. + - DoNotSchedule (default) tells the scheduler not to + schedule it. - ScheduleAnyway tells the scheduler to + schedule the pod in any location, but giving higher + precedence to topologies that would help reduce the + skew. A constraint is considered "Unsatisfiable" for + an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
+ For example, in a 3-zone cluster, MaxSkew is set to + 1, and pods with the same labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become + 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be + imbalanced, but scheduler won''t make it *more* imbalanced. + It''s a required field.' type: string required: - maxSkew 
@@ -6949,104 +15477,240 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' items: + description: Volume represents a named volume in a pod that + may be accessed by any container in the pod. properties: awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default + is to mount by volume name. Examples: For volume + /dev/sda1, you specify the partition as "1". Similarly, + the volume partition for /dev/sda is "0" (or you + can leave the property empty).' format: int32 type: integer readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. 
properties: cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' type: string diskName: + description: diskName is the Name of the data disk + in the blob storage type: string diskURI: + description: diskURI is the URI of data disk in the + blob storage type: string fsType: + description: fsType is Filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure managed + data disk (only in managed availability set). defaults + to shared' type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. properties: readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. 
type: boolean secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key type: string shareName: + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime properties: monitors: + description: 'monitors is Required: Monitors is a + collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default is + /' type: string readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: + description: 'secretFile is Optional: SecretFile is + the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: + description: 'secretRef is Optional: SecretRef is + reference to the authentication secret for User, + default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is optional: User is the rados + user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: + description: 'cinder represents a cinder volume attached + and mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Examples: "ext4", "xfs", "ntfs". + Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to + OpenStack.' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: + description: 'volumeID used to identify the volume + in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: + description: configMap represents a configMap that should + populate this volume properties: defaultMode: + description: 'defaultMode is optional: mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' 
format: int32 type: integer items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If + a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the + file to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. type: string required: - key 
@@ -7054,121 +15718,386 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). properties: driver: + description: driver is the name of the CSI driver + that handles this volume. Consult with your admin + for the correct name as registered in the cluster. type: string fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the + associated CSI driver which will determine the default + filesystem to apply. type: string nodePublishSecretRef: + description: nodePublishSecretRef is a reference to + the secret object containing sensitive information + to pass to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the + secret object contains more than one secret, all + secret references are passed. properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string + description: volumeAttributes stores driver-specific + properties that are passed to the CSI driver. Consult + your driver's documentation for supported values. 
type: object required: - driver type: object downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume properties: defaultMode: + description: 'Optional: mode bits to use on created + files by default. Must be a Optional: mode bits + used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: + description: Items is a list of downward API volume + file items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: + description: 'Required: Selects a field of the + pod: only annotations, labels, name and namespace + are supported.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select + in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used to set + permissions on this file, must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the relative + path name of the file to be created. 
Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of the + relative path must not start with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: + description: 'Container name: required for + volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: + description: 'emptyDir represents a temporary directory + that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: + description: 'medium represents what type of storage + medium should back this directory. The default is + "" which means to use the node''s default medium. + Must be an empty string (default) or Memory. More + info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string + description: 'sizeLimit is the total amount of local + storage required for this EmptyDir volume. The size + limit is also applicable for memory medium. The + maximum usage on memory medium EmptyDir would be + the minimum value between the SizeLimit specified + here and the sum of memory limits of all containers + in a pod. The default is nil which means that the + limit is undefined. 
More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle + is tied to the pod that defines it - it will be created + before the pod starts, and deleted when the pod is removed. + \n Use this if: a) the volume is only needed while the + pod runs, b) features of normal volumes like restoring + from snapshot or capacity tracking are needed, c) the + storage driver is specified through a storage class, + and d) the storage driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between this + volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim + or one of the vendor-specific APIs for volumes that + persist for longer than the lifecycle of an individual + pod. \n Use CSI for light-weight local ephemeral volumes + if the CSI driver is meant to be used that way - see + the documentation of the driver for more information. + \n A pod can use both types of ephemeral volumes and + persistent volumes at the same time." properties: volumeClaimTemplate: + description: "Will be used to create a stand-alone + PVC to provision the volume. The pod in which this + EphemeralVolumeSource is embedded will be the owner + of the PVC, i.e. the PVC will be deleted together + with the pod. The name of the PVC will be `-` where `` is the + name from the `PodSpec.Volumes` array entry. Pod + validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). + \n An existing PVC with that name that is not owned + by the pod will *not* be used for the pod to avoid + using an unrelated volume by mistake. 
Starting the + pod is then blocked until the unrelated PVC is removed. + If such a pre-created PVC is meant to be used by + the pod, the PVC has to updated with an owner reference + to the pod once the pod exists. Normally this should + not be necessary, but it may be useful when manually + reconstructing a broken cluster. \n This field is + read-only and no changes will be made by Kubernetes + to the PVC after it has been created. \n Required, + must not be nil." properties: metadata: + description: May contain labels and annotations + that will be copied into the PVC when creating + it. No other fields are allowed and will be + rejected during validation. type: object spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into + the PVC that gets created from this template. + The same fields as in a PersistentVolumeClaim + are also valid here. properties: accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: + description: 'dataSource field can be used + to specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller + can support the specified data source, it + will create a new volume based on the contents + of the specified data source. When the AnyVolumeDataSource + feature gate is enabled, dataSource contents + will be copied to dataSourceRef, and dataSourceRef + contents will be copied to dataSource when + dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef + will not be copied to dataSource.' properties: apiGroup: + description: APIGroup is the group for + the resource being referenced. 
If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced type: string required: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: + description: 'dataSourceRef specifies the + object from which to populate the volume + with data, if a non-empty volume is desired. + This may be any object from a non-empty + API group (non core object) or a PersistentVolumeClaim + object. When this field is specified, volume + binding will only succeed if the type of + the specified object matches some installed + volume populator or dynamic provisioner. + This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the + same value. For backwards compatibility, + when namespace isn''t specified in dataSourceRef, + both fields (dataSource and dataSourceRef) + will be set to the same value automatically + if one of them is empty and the other is + non-empty. When namespace is specified in + dataSourceRef, dataSource isn''t set to + the same value and must be empty. There + are three important differences between + dataSource and dataSourceRef: * While dataSource + only allows two specific types of objects, + dataSourceRef allows any non-core object, + as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values + (dropping them), dataSourceRef preserves + all values, and generates an error if a + disallowed value is specified. * While dataSource + only allows local objects, dataSourceRef + allows objects in any namespaces. (Beta) + Using this field requires the AnyVolumeDataSource + feature gate to be enabled. 
(Alpha) Using + the namespace field of dataSourceRef requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled.' properties: apiGroup: + description: APIGroup is the group for + the resource being referenced. If APIGroup + is not specified, the specified Kind + must be in the core API group. For any + other third-party types, APIGroup is + required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace + of resource being referenced Note that + when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant + documentation for details. (Alpha) This + field requires the CrossNamespaceVolumeDataSource + feature gate to be enabled. type: string required: - kind - name type: object resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to + specify resource requirements that are lower + than previous value but must still be higher + than capacity recorded in the status field + of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of + resources, defined in spec.resourceClaims, + that are used by this container. \n + This is an alpha field and requires + enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the + name of one entry in pod.spec.resourceClaims + of the Pod where this field is + used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -7176,6 +16105,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -7184,18 +16116,47 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. + If Requests is omitted for a container, + it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: + description: selector is a label query over + volumes to consider for binding. properties: matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. properties: key: + description: key is the label key + that the selector applies to. type: string operator: + description: operator represents + a key's relationship to a set + of values. Valid operators are + In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array + of string values. If the operator + is In or NotIn, the values array + must be non-empty. If the operator + is Exists or DoesNotExist, the + values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -7207,13 +16168,29 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: + description: 'storageClassName is the name + of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: + description: volumeMode defines what type + of volume is required by the claim. Value + of Filesystem is implied when not included + in claim spec. type: string volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. type: string type: object required: 
@@ -7221,125 +16198,275 @@ spec: type: object type: object fc: + description: fc represents a Fibre Channel resource that + is attached to a kubelet's host machine and then exposed + to the pod. properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. TODO: how + do we prevent errors in the filesystem from compromising + the machine' type: string lun: + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' type: boolean targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: + description: 'wwids Optional: FC volume world wide + identifiers (wwids) Either wwids or combination + of targetWWNs and lun must be set, but not both + simultaneously.' items: type: string type: array type: object flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: + description: driver is the name of the driver to use + for this volume. type: string fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". The + default filesystem depends on FlexVolume script. type: string options: additionalProperties: type: string + description: 'options is Optional: this field holds + extra command options if any.' type: object readOnly: + description: 'readOnly is Optional: defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' 
type: boolean secretRef: + description: 'secretRef is Optional: secretRef is + reference to the secret object containing sensitive + information to pass to the plugin scripts. This + may be empty if no secret object is specified. If + the secret object contains more than one secret, + all secrets are passed to the plugin scripts.' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running properties: datasetName: + description: datasetName is Name of the dataset stored + as metadata -> name on the dataset for Flocker should + be considered as deprecated type: string datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk + resource that is attached to a kubelet''s host machine + and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default + is to mount by volume name. 
Examples: For volume + /dev/sda1, you specify the partition as "1". Similarly, + the volume partition for /dev/sda is "0" (or you + can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: + description: 'gitRepo represents a git repository at a + particular revision. DEPRECATED: GitRepo is deprecated. + To provision a container with a git repo, mount an EmptyDir + into an InitContainer that clones the repo using git, + then mount the EmptyDir into the Pod''s container.' properties: directory: + description: directory is the target directory name. + Must not contain or start with '..'. If '.' is + supplied, the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: + description: repository is the URL type: string revision: + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: + description: 'glusterfs represents a Glusterfs mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: + description: 'endpoints is the endpoint name that + details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: + description: 'path is the Glusterfs volume path. 
More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: + description: 'readOnly here will force the Glusterfs + volume to be mounted with read-only permissions. + Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: + description: 'hostPath represents a pre-existing file + or directory on the host machine that is directly exposed + to the container. This is generally used for system + agents or other privileged things that are allowed to + see the host machine. Most containers will NOT need + this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host + directory mounts and who can/can not mount host directories + as read/write.' properties: path: + description: 'path of the directory on the host. If + the path is a symlink, it will follow the link to + the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: + description: 'type for HostPath Volume Defaults to + "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: + description: 'iscsi represents an ISCSI Disk resource + that is attached to a kubelet''s host machine and then + exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication type: boolean chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication type: boolean fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". 
Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + description: iscsiInterface is the interface Name + that uses an iSCSI transport. Defaults to 'default' + (tcp). type: string lun: + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: + description: portals is the iSCSI Target Portal List. + The portal is either an IP or ip_addr:port if the + port is other than default (typically TCP ports + 860 and 3260). items: type: string type: array readOnly: + description: readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. type: boolean secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic targetPortal: + description: targetPortal is iSCSI Target Portal. + The Portal is either an IP or ip_addr:port if the + port is other than default (typically TCP ports + 860 and 3260). type: string required: - iqn 
@@ -7347,67 +16474,157 @@ spec: - targetPortal type: object name: + description: 'name of the volume. Must be a DNS_LABEL + and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: + description: 'nfs represents an NFS mount on the host + that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults + to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: + description: 'server is the hostname or IP address + of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine properties: fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". 
Implicitly + inferred to be "ext4" if unspecified. type: string pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk type: string required: - pdID type: object portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine properties: fsType: + description: fSType represents the filesystem type + to mount Must be a filesystem type supported by + the host operating system. Ex. "ext4", "xfs". Implicitly + inferred to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. type: boolean volumeID: + description: volumeID uniquely identifies a Portworx + volume type: string required: - volumeID type: object projected: + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: + description: defaultMode are the mode bits used to + set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal values + for mode bits. Directories within the path are not + affected by this setting. This might be in conflict + with other options that affect the file mode, like + fsGroup, and the result can be other mode bits set. format: int32 type: integer sources: + description: sources is the list of volume projections items: + description: Projection that may be projected along + with other supported volume types properties: configMap: + description: configMap information about the + configMap data to project properties: items: + description: items if unspecified, each + key-value pair in the Data field of the + referenced ConfigMap will be projected + into the volume as a file whose name is + the key and content is the value. 
If specified, + the listed keys will be projected into + the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, + the volume setup will error unless it + is marked optional. Paths must be relative + and may not contain the '..' path or start + with '..'. items: + description: Maps a string key to a path + within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode + bits used to set permissions on + this file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. type: string required: - key 
@@ -7415,60 +16632,155 @@ spec: type: object type: array name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional specify whether the + ConfigMap or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: + description: downwardAPI information about the + downwardAPI data to project properties: items: + description: Items is a list of DownwardAPIVolume + file items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: + description: 'Required: Selects a + field of the pod: only annotations, + labels, name and namespace are supported.' properties: apiVersion: + description: Version of the schema + the FieldPath is written in + terms of, defaults to "v1". type: string fieldPath: + description: Path of the field + to select in the specified API + version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits + used to set permissions on this + file, must be an octal value between + 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the + relative path name of the file to + be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. 
The first item + of the relative path must not start + with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) + are currently supported.' properties: containerName: + description: 'Container name: + required for volumes, optional + for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource + to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: + description: secret information about the secret + data to project properties: items: + description: items if unspecified, each + key-value pair in the Data field of the + referenced Secret will be projected into + the volume as a file whose name is the + key and content is the value. If specified, + the listed keys will be projected into + the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the + volume setup will error unless it is marked + optional. Paths must be relative and may + not contain the '..' path or start with + '..'. items: + description: Maps a string key to a path + within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode + bits used to set permissions on + this file. Must be an octal value + between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts + both octal and decimal values, JSON + requires decimal values for mode + bits. If not specified, the volume + defaultMode will be used. 
This might + be in conflict with other options + that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative + path of the file to map the key + to. May not be an absolute path. + May not contain the path element + '..'. May not start with the string + '..'. type: string required: - key @@ -7476,18 +16788,46 @@ spec: type: object type: array name: + description: 'Name of the referent. More + info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional field specify whether + the Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project properties: audience: + description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience + defaults to the identifier of the apiserver. type: string expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The + kubelet will start trying to rotate the + token if the token is older than 80 percent + of its time to live or if the token is + older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. format: int64 type: integer path: + description: path is the path relative to + the mount point of the file to project + the token into. type: string required: - path 
@@ -7496,74 +16836,159 @@ spec: type: array type: object quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime properties: group: + description: group to map volume access to Default + is no group type: string readOnly: + description: readOnly here will force the Quobyte + volume to be mounted with read-only permissions. + Defaults to false. type: boolean registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string + as host:port pair (multiple entries are separated + with commas) which acts as the central registry + for volumes type: string tenant: + description: tenant owning the given Quobyte volume + in the Backend Used with dynamically provisioned + Quobyte volumes, value is set by the plugin type: string user: + description: user to map volume access to Defaults + to serivceaccount user type: string volume: + description: volume is a string that references an + already created Quobyte volume by name. type: string required: - registry - volume type: object rbd: + description: 'rbd represents a Rados Block Device mount + on the host that shares a pod''s lifetime. More info: + https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: + description: 'fsType is the filesystem type of the + volume that you want to mount. Tip: Ensure that + the filesystem type is supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem + from compromising the machine' type: string image: + description: 'image is the rados image name. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: + description: 'keyring is the path to key ring for + RBDUser. Default is /etc/ceph/keyring. 
More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: + description: 'pool is the rados pool name. Default + is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: + description: 'readOnly here will force the ReadOnly + setting in VolumeMounts. Defaults to false. More + info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. + Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is the rados user name. Default + is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Default + is "xfs". type: string gateway: + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. 
type: boolean secretRef: + description: secretRef references to the secret for + ScaleIO user and other sensitive information. If + this is not provided, Login operation will fail. properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: + description: storagePool is the ScaleIO Storage Pool + associated with the protection domain. type: string system: + description: system is the name of the storage system + as configured in ScaleIO. type: string volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated + with this volume source. type: string required: - gateway 
@@ -7571,19 +16996,58 @@ spec: - system type: object secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: + description: 'defaultMode is Optional: mode bits used + to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or + a decimal value between 0 and 511. YAML accepts + both octal and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. Directories + within the path are not affected by this setting. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer items: + description: items If unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file whose + name is the key and content is the value. If specified, + the listed keys will be projected into the specified + paths, and unlisted keys will not be present. If + a key is specified which is not present in the Secret, + the volume setup will error unless it is marked + optional. Paths must be relative and may not contain + the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used + to set permissions on this file. Must be an + octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both + octal and decimal values, JSON requires decimal + values for mode bits. If not specified, the + volume defaultMode will be used. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set.' 
format: int32 type: integer path: + description: path is the relative path of the + file to map the key to. May not be an absolute + path. May not contain the path element '..'. + May not start with the string '..'. type: string required: - key 
@@ -7591,35 +17055,81 @@ spec: type: object type: array optional: + description: optional field specify whether the Secret + or its keys must be defined type: boolean secretName: + description: 'secretName is the name of the secret + in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. + Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in + VolumeMounts. type: boolean secretRef: + description: secretRef specifies the secret to use + for obtaining the StorageOS API credentials. If + not specified, default values will be attempted. properties: name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: + description: volumeName is the human-readable name + of the StorageOS volume. Volume names are only + unique within a namespace. type: string volumeNamespace: + description: volumeNamespace specifies the scope of + the volume within StorageOS. If no namespace is + specified then the Pod's namespace will be used. This + allows the Kubernetes name scoping to be mirrored + within StorageOS for tighter integration. Set VolumeName + to any name to override the default behaviour. Set + to "default" if you are not using namespaces within + StorageOS. Namespaces that do not pre-exist within + StorageOS will be created. 
type: string type: object vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine properties: fsType: + description: fsType is filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated with + the StoragePolicyName. type: string storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. type: string volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath @@ -7632,8 +17142,11 @@ spec: - containers type: object timeout: + description: Timeout defines the maximum amount of time the Serving + should take to execute before the Serving is running. type: string tracing: + description: Tracing is the config of tracing. properties: baggage: additionalProperties: @@ -7673,22 +17186,29 @@ spec: type: string type: object required: - - baggage - enabled - provider type: object triggers: + description: Triggers used to trigger the Function. properties: dapr: items: properties: inputName: + description: 'Deprecated: Only for compatibility with + v1beta1' type: string name: + description: The name of the dapr component, the component + can be defined in the `bindings`, `pubsub`, or `states`, + or an existing component. type: string topic: type: string type: + description: Type is the type of the component, if it + is not set, controller will get it automatically. type: string required: - name 
@@ -7696,18 +17216,33 @@ spec: type: array http: properties: + engine: + description: Http function runtime engine, can be set to + knative or keda, default to knative if not set + type: string port: + description: The port on which the function will be invoked format: int32 type: integer route: + description: Information needed to make HTTPRoute. Will + attempt to make HTTPRoute using the default Gateway resource + if Route is nil. properties: gatewayRef: + description: GatewayRef references the Gateway resources + that a Route wants to be attached to. properties: name: + description: Name is the name of the referent. It + refers to the name of a Gateway resource. maxLength: 253 minLength: 1 type: string namespace: + description: Namespace is the namespace of the referent. + When unspecified, this refers to the local namespace + of the Route. maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 
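Review bot: The new `engine` property under `triggers.http` is declared with only `type: string`, so the schema admits any value even though its description says the field can be set to knative or keda. A misspelled engine name would pass API-server validation, and what happens to it afterwards depends on controller code that is not visible here. Adding `enum: [knative, keda]` and `default: knative` beside `type: string` would enforce the documented contract at admission and make the default visible on the stored object. If this CRD is generated from Go types, the constraint presumably belongs on the source field as validation markers rather than in this file. The enclosing `http` schema starts and ends outside the hunk.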
@@ -7717,7 +17252,25 @@ spec: - namespace type: object hostnames: + description: Hostnames defines a set of hostname that + should match against the HTTP Host header to select + a HTTPRoute to process the request. items: + description: "Hostname is the fully qualified domain + name of a network host. This matches the RFC 1123 + definition of a hostname with 2 notable exceptions: + \n 1. IPs are not allowed. 2. A hostname may be + prefixed with a wildcard label (`*.`). The wildcard + label must appear by itself as the first label. + \n Hostname can be \"precise\" which is a domain + name without the terminating dot of a network host + (e.g. \"foo.example.com\") or \"wildcard\", which + is a domain name prefixed with a single wildcard + label (e.g. `*.example.com`). \n Note that as per + RFC1035 and RFC1123, a *label* must consist of lower + case alphanumeric characters or '-', and must start + and end with an alphanumeric character. No other + punctuation is allowed." maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 
@@ -7725,26 +17278,81 @@ spec: maxItems: 16 type: array rules: + description: Rules are a list of HTTP matchers, filters + and actions. items: + description: HTTPRouteRule defines semantics for matching + an HTTP request based on conditions (matches), processing + it (filters), and forwarding the request to an API + object (backendRefs). properties: backendRefs: + description: "If unspecified or invalid (refers + to a non-existent resource or a Service with + no endpoints), the rule performs no forwarding. + If there are also no filters specified that + would result in a response being sent, a HTTP + 503 status code is returned. 503 responses must + be sent so that the overall weight is respected; + if an invalid backend is requested to have 80% + of requests, then 80% of requests must get a + 503 instead. \n Support: Core for Kubernetes + Service Support: Custom for any other resource + \n Support for weight: Core" items: + description: HTTPBackendRef defines how a HTTPRoute + should forward an HTTP request. properties: filters: + description: "Filters defined at this level + should be executed if and only if the + request is being forwarded to the backend + defined here. \n Support: Custom (For + broader support of filters, use the Filters + field in HTTPRouteRule.)" items: + description: HTTPRouteFilter defines processing + steps that must be completed during + the request or response lifecycle. HTTPRouteFilters + are meant as an extension point to express + processing that may be done in Gateway + implementations. Some examples include + request or response modification, implementing + authentication strategies, rate-limiting, + and traffic shaping. API guarantee/conformance + is defined based on the type of the + filter. properties: extensionRef: + description: "ExtensionRef is an optional, + implementation-specific extension + to the \"filter\" behavior. For + example, resource \"myroutefilter\" + in group \"networking.example.net\"). 
+ ExtensionRef MUST NOT be used for + core and extended filters. \n Support: + Implementation-specific" properties: group: + description: Group is the group + of the referent. For example, + "networking.k8s.io". When unspecified + (empty string), core API group + is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is kind of the + referent. For example "HTTPRoute" + or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name + of the referent. maxLength: 253 minLength: 1 type: string 
@@ -7754,16 +17362,54 @@ spec: - name type: object requestHeaderModifier: + description: "RequestHeaderModifier + defines a schema for a filter that + modifies request headers. \n Support: + Core" properties: add: + description: "Add adds the given + header(s) (name, value) to the + request before the action. It + appends to any existing values + associated with the header name. + \n Input: GET /foo HTTP/1.1 + my-header: foo \n Config: add: + - name: \"my-header\" value: + \"bar\" \n Output: GET /foo + HTTP/1.1 my-header: foo my-header: + bar" items: + description: HTTPHeader represents + an HTTP Header name and value + as defined by RFC 7230. properties: name: + description: "Name is the + name of the HTTP Header + to be matched. Name matching + MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries + specify equivalent header + names, the first entry + with an equivalent name + MUST be considered for + a match. Subsequent entries + with an equivalent header + name MUST be ignored. + Due to the case-insensitivity + of header names, \"foo\" + and \"Foo\" are considered + equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the + value of HTTP Header to + be matched. maxLength: 4096 minLength: 1 type: string 
@@ -7777,19 +17423,63 @@ spec: - name x-kubernetes-list-type: map remove: + description: "Remove the given + header(s) from the HTTP request + before the action. The value + of Remove is a list of HTTP + header names. Note that the + header names are case-insensitive + (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + \n Input: GET /foo HTTP/1.1 + my-header1: foo my-header2: + bar my-header3: baz \n Config: + remove: [\"my-header1\", \"my-header3\"] + \n Output: GET /foo HTTP/1.1 + my-header2: bar" items: type: string maxItems: 16 type: array set: + description: "Set overwrites the + request with the given header + (name, value) before the action. + \n Input: GET /foo HTTP/1.1 + my-header: foo \n Config: set: + - name: \"my-header\" value: + \"bar\" \n Output: GET /foo + HTTP/1.1 my-header: bar" items: + description: HTTPHeader represents + an HTTP Header name and value + as defined by RFC 7230. properties: name: + description: "Name is the + name of the HTTP Header + to be matched. Name matching + MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries + specify equivalent header + names, the first entry + with an equivalent name + MUST be considered for + a match. Subsequent entries + with an equivalent header + name MUST be ignored. + Due to the case-insensitivity + of header names, \"foo\" + and \"Foo\" are considered + equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the + value of HTTP Header to + be matched. maxLength: 4096 minLength: 1 type: string 
@@ -7804,30 +17494,96 @@ spec: x-kubernetes-list-type: map type: object requestMirror: + description: "RequestMirror defines + a schema for a filter that mirrors + requests. Requests are sent to the + specified destination, but responses + from that destination are ignored. + \n Support: Extended" properties: backendRef: + description: "BackendRef references + a resource where mirrored requests + are sent. \n If the referent + cannot be found, this BackendRef + is invalid and must be dropped + from the Gateway. The controller + must ensure the \"ResolvedRefs\" + condition on the Route status + is set to `status: False` and + not configure this backend in + the underlying implementation. + \n If there is a cross-namespace + reference to an *existing* object + that is not allowed by a ReferencePolicy, + the controller must ensure the + \"ResolvedRefs\" condition + on the Route is set to `status: + False`, with the \"RefNotPermitted\" + reason and not configure this + backend in the underlying implementation. + \n In either error case, the + Message of the `ResolvedRefs` + Condition should be used to + provide more detail about the + problem. \n Support: Extended + for Kubernetes Service Support: + Custom for any other resource" properties: group: default: "" + description: Group is the + group of the referent. For + example, "networking.k8s.io". + When unspecified (empty + string), core API group + is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind + of the referent. For example + "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name + of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is + the namespace of the backend. + When unspecified, the local + namespace is inferred. 
\n + Note that when a namespace + is specified, a ReferencePolicy + object is required in the + referent namespace to allow + that namespace's owner to + accept the reference. See + the ReferencePolicy documentation + for details. \n Support: + Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies + the destination port number + to use for this resource. + Port is required when the + referent is a Kubernetes + Service. For other resources, + destination port might be + derived from the referent + resource or this field. format: int32 maximum: 65535 minimum: 1 
@@ -7839,30 +17595,89 @@ spec: - backendRef type: object requestRedirect: + description: "RequestRedirect defines + a schema for a filter that responds + to the request with an HTTP redirection. + \n Support: Core" properties: hostname: + description: "Hostname is the + hostname to be used in the value + of the `Location` header in + the response. When empty, the + hostname of the request is used. + \n Support: Core" maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string port: + description: "Port is the port + to be used in the value of the + `Location` header in the response. + When empty, port (if specified) + of the request is used. \n Support: + Extended" format: int32 maximum: 65535 minimum: 1 type: integer scheme: + description: "Scheme is the scheme + to be used in the value of the + `Location` header in the response. + When empty, the scheme of the + request is used. \n Support: + Extended" enum: - http - https type: string statusCode: default: 302 + description: "StatusCode is the + HTTP status code to be used + in response. \n Support: Core" enum: - 301 - 302 type: integer type: object type: + description: "Type identifies the + type of filter to apply. As with + other API fields, types are classified + into three conformance levels: \n + - Core: Filter types and their corresponding + configuration defined by \"Support: + Core\" in this package, e.g. \"RequestHeaderModifier\". + All implementations must support + core filters. \n - Extended: Filter + types and their corresponding configuration + defined by \"Support: Extended\" + in this package, e.g. \"RequestMirror\". + Implementers are encouraged to support + extended filters. \n - Custom: Filters + that are defined and supported by + specific vendors. In the future, + filters showing convergence in behavior + across multiple implementations + will be considered for inclusion + in extended or core conformance + levels. 
Filter-specific configuration + for such filters is specified using + the ExtensionRef field. `Type` should + be set to \"ExtensionRef\" for custom + filters. \n Implementers are encouraged + to define custom implementation + types to extend the core API with + implementation-specific behavior. + \n If a reference to a custom filter + type cannot be resolved, the filter + MUST NOT be skipped. Instead, requests + that would have been processed by + that filter MUST receive a HTTP + error response." enum: - RequestHeaderModifier - RequestMirror 
@@ -7876,31 +17691,70 @@ spec: type: array group: default: "" + description: Group is the group of the referent. + For example, "networking.k8s.io". When + unspecified (empty string), core API group + is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the referent. + For example "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace + of the backend. When unspecified, the + local namespace is inferred. \n Note that + when a namespace is specified, a ReferencePolicy + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferencePolicy + documentation for details. \n Support: + Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the destination + port number to use for this resource. + Port is required when the referent is + a Kubernetes Service. For other resources, + destination port might be derived from + the referent resource or this field. format: int32 maximum: 65535 minimum: 1 type: integer weight: default: 1 + description: "Weight specifies the proportion + of requests forwarded to the referenced + backend. This is computed as weight/(sum + of all weights in this BackendRefs list). + For non-zero values, there may be some + epsilon from the exact proportion defined + here depending on the precision an implementation + supports. Weight is not a percentage and + the sum of weights does not need to equal + 100. \n If only one backend is specified + and it has a weight greater than 0, 100% + of the traffic is forwarded to that backend. + If weight is set to 0, no traffic should + be forwarded for this entry. 
If unspecified, + weight defaults to 1. \n Support for this + field varies based on the context where + used." format: int32 maximum: 1000000 minimum: 0 
@@ -7911,20 +17765,58 @@ spec: maxItems: 16 type: array filters: + description: "Filters define the filters that + are applied to requests that match this rule. + \n The effects of ordering of multiple behaviors + are currently unspecified. This can change in + the future based on feedback during the alpha + stage. \n Conformance-levels at this level are + defined based on the type of filter: \n - ALL + core filters MUST be supported by all implementations. + - Implementers are encouraged to support extended + filters. - Implementation-specific custom filters + have no API guarantees across implementations. + \n Specifying a core filter multiple times has + unspecified or custom conformance. \n Support: + Core" items: + description: HTTPRouteFilter defines processing + steps that must be completed during the request + or response lifecycle. HTTPRouteFilters are + meant as an extension point to express processing + that may be done in Gateway implementations. + Some examples include request or response + modification, implementing authentication + strategies, rate-limiting, and traffic shaping. + API guarantee/conformance is defined based + on the type of the filter. properties: extensionRef: + description: "ExtensionRef is an optional, + implementation-specific extension to the + \"filter\" behavior. For example, resource + \"myroutefilter\" in group \"networking.example.net\"). + ExtensionRef MUST NOT be used for core + and extended filters. \n Support: Implementation-specific" properties: group: + description: Group is the group of the + referent. For example, "networking.k8s.io". + When unspecified (empty string), core + API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is kind of the referent. + For example "HTTPRoute" or "Service". 
maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the + referent. maxLength: 253 minLength: 1 type: string @@ -7934,16 +17826,47 @@ spec: - name type: object requestHeaderModifier: + description: "RequestHeaderModifier defines + a schema for a filter that modifies request + headers. \n Support: Core" properties: add: + description: "Add adds the given header(s) + (name, value) to the request before + the action. It appends to any existing + values associated with the header + name. \n Input: GET /foo HTTP/1.1 + my-header: foo \n Config: add: - name: + \"my-header\" value: \"bar\" \n Output: + GET /foo HTTP/1.1 my-header: foo my-header: + bar" items: + description: HTTPHeader represents + an HTTP Header name and value as + defined by RFC 7230. properties: name: + description: "Name is the name + of the HTTP Header to be matched. + Name matching MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify + equivalent header names, the + first entry with an equivalent + name MUST be considered for + a match. Subsequent entries + with an equivalent header name + MUST be ignored. Due to the + case-insensitivity of header + names, \"foo\" and \"Foo\" are + considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value + of HTTP Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -7957,19 +17880,55 @@ spec: - name x-kubernetes-list-type: map remove: + description: "Remove the given header(s) + from the HTTP request before the action. + The value of Remove is a list of HTTP + header names. Note that the header + names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + \n Input: GET /foo HTTP/1.1 my-header1: + foo my-header2: bar my-header3: baz + \n Config: remove: [\"my-header1\", + \"my-header3\"] \n Output: GET /foo + HTTP/1.1 my-header2: bar" items: type: string maxItems: 16 type: array set: + description: "Set overwrites the request + with the given header (name, value) + before the action. \n Input: GET /foo + HTTP/1.1 my-header: foo \n Config: + set: - name: \"my-header\" value: + \"bar\" \n Output: GET /foo HTTP/1.1 + my-header: bar" items: + description: HTTPHeader represents + an HTTP Header name and value as + defined by RFC 7230. properties: name: + description: "Name is the name + of the HTTP Header to be matched. + Name matching MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify + equivalent header names, the + first entry with an equivalent + name MUST be considered for + a match. Subsequent entries + with an equivalent header name + MUST be ignored. Due to the + case-insensitivity of header + names, \"foo\" and \"Foo\" are + considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value + of HTTP Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -7984,30 +17943,86 @@ spec: x-kubernetes-list-type: map type: object requestMirror: + description: "RequestMirror defines a schema + for a filter that mirrors requests. Requests + are sent to the specified destination, + but responses from that destination are + ignored. \n Support: Extended" properties: backendRef: + description: "BackendRef references + a resource where mirrored requests + are sent. \n If the referent cannot + be found, this BackendRef is invalid + and must be dropped from the Gateway. + The controller must ensure the \"ResolvedRefs\" + condition on the Route status is set + to `status: False` and not configure + this backend in the underlying implementation. + \n If there is a cross-namespace reference + to an *existing* object that is not + allowed by a ReferencePolicy, the + controller must ensure the \"ResolvedRefs\" + \ condition on the Route is set to + `status: False`, with the \"RefNotPermitted\" + reason and not configure this backend + in the underlying implementation. + \n In either error case, the Message + of the `ResolvedRefs` Condition should + be used to provide more detail about + the problem. \n Support: Extended + for Kubernetes Service Support: Custom + for any other resource" properties: group: default: "" + description: Group is the group + of the referent. For example, + "networking.k8s.io". When unspecified + (empty string), core API group + is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the + referent. For example "HTTPRoute" + or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of + the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace + of the backend. When unspecified, + the local namespace is inferred. 
+ \n Note that when a namespace + is specified, a ReferencePolicy + object is required in the referent + namespace to allow that namespace's + owner to accept the reference. + See the ReferencePolicy documentation + for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the + destination port number to use + for this resource. Port is required + when the referent is a Kubernetes + Service. For other resources, + destination port might be derived + from the referent resource or + this field. format: int32 maximum: 65535 minimum: 1 
@@ -8019,30 +18034,81 @@ spec: - backendRef type: object requestRedirect: + description: "RequestRedirect defines a + schema for a filter that responds to the + request with an HTTP redirection. \n Support: + Core" properties: hostname: + description: "Hostname is the hostname + to be used in the value of the `Location` + header in the response. When empty, + the hostname of the request is used. + \n Support: Core" maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string port: + description: "Port is the port to be + used in the value of the `Location` + header in the response. When empty, + port (if specified) of the request + is used. \n Support: Extended" format: int32 maximum: 65535 minimum: 1 type: integer scheme: + description: "Scheme is the scheme to + be used in the value of the `Location` + header in the response. When empty, + the scheme of the request is used. + \n Support: Extended" enum: - http - https type: string statusCode: default: 302 + description: "StatusCode is the HTTP + status code to be used in response. + \n Support: Core" enum: - 301 - 302 type: integer type: object type: + description: "Type identifies the type of + filter to apply. As with other API fields, + types are classified into three conformance + levels: \n - Core: Filter types and their + corresponding configuration defined by + \"Support: Core\" in this package, e.g. + \"RequestHeaderModifier\". All implementations + must support core filters. \n - Extended: + Filter types and their corresponding configuration + defined by \"Support: Extended\" in this + package, e.g. \"RequestMirror\". Implementers + are encouraged to support extended filters. + \n - Custom: Filters that are defined + and supported by specific vendors. In + the future, filters showing convergence + in behavior across multiple implementations + will be considered for inclusion in extended + or core conformance levels. 
Filter-specific + configuration for such filters is specified + using the ExtensionRef field. `Type` should + be set to \"ExtensionRef\" for custom + filters. \n Implementers are encouraged + to define custom implementation types + to extend the core API with implementation-specific + behavior. \n If a reference to a custom + filter type cannot be resolved, the filter + MUST NOT be skipped. Instead, requests + that would have been processed by that + filter MUST receive a HTTP error response." enum: - RequestHeaderModifier - RequestMirror 
@@ -8059,23 +18125,110 @@ spec: - path: type: PathPrefix value: / + description: "Matches define conditions used for + matching the rule against incoming HTTP requests. + Each match is independent, i.e. this rule will + be matched if **any** one of the matches is + satisfied. \n For example, take the following + matches configuration: \n ``` matches: - path: + value: \"/foo\" headers: - name: \"version\" + value: \"v2\" - path: value: \"/v2/foo\" ``` + \n For a request to match against this rule, + a request must satisfy EITHER of the two conditions: + \n - path prefixed with `/foo` AND contains + the header `version: v2` - path prefix of `/v2/foo` + \n See the documentation for HTTPRouteMatch + on how to specify multiple match conditions + that should be ANDed together. \n If no matches + are specified, the default is a prefix path + match on \"/\", which has the effect of matching + every HTTP request. \n Proxy or Load Balancer + routing configuration generated from HTTPRoutes + MUST prioritize rules based on the following + criteria, continuing on ties. Precedence must + be given to the the Rule with the largest number + of: \n * Characters in a matching non-wildcard + hostname. * Characters in a matching hostname. + * Characters in a matching path. * Header matches. + * Query param matches. \n If ties still exist + across multiple Routes, matching precedence + MUST be determined in order of the following + criteria, continuing on ties: \n * The oldest + Route based on creation timestamp. * The Route + appearing first in alphabetical order by \"/\". + \n If ties still exist within the Route that + has been given precedence, matching precedence + MUST be granted to the first matching rule meeting + the above criteria." items: + description: "HTTPRouteMatch defines the predicate + used to match requests to a given action. + Multiple match types are ANDed together, i.e. + the match will evaluate to true only if all + conditions are satisfied. 
\n For example, + the match below will match a HTTP request + only if its path starts with `/foo` AND it + contains the `version: v1` header: \n ``` + match: path: value: \"/foo\" headers: - name: + \"version\" value \"v1\" ```" properties: headers: + description: Headers specifies HTTP request + header matchers. Multiple match values + are ANDed together, meaning, a request + must match all the specified headers to + select the route. items: + description: HTTPHeaderMatch describes + how to select a HTTP route by matching + HTTP request headers. properties: name: + description: "Name is the name of + the HTTP Header to be matched. Name + matching MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, only the first entry + with an equivalent name MUST be + considered for a match. Subsequent + entries with an equivalent header + name MUST be ignored. Due to the + case-insensitivity of header names, + \"foo\" and \"Foo\" are considered + equivalent. \n When a header is + repeated in an HTTP request, it + is implementation-specific behavior + as to how this is represented. Generally, + proxies should follow the guidance + from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 + regarding processing a repeated + header, with special handling for + \"Set-Cookie\"." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string type: default: Exact + description: "Type specifies how to + match against the value of the header. + \n Support: Core (Exact) \n Support: + Custom (RegularExpression) \n Since + RegularExpression HeaderMatchType + has custom conformance, implementations + can support POSIX, PCRE or any other + dialects of regular expressions. + Please read the implementation's + documentation to determine the supported + dialect." 
enum: - Exact - RegularExpression type: string value: + description: Value is the value of + HTTP Header to be matched. maxLength: 4096 minLength: 1 type: string @@ -8089,6 +18242,10 @@ spec: - name x-kubernetes-list-type: map method: + description: "Method specifies HTTP method + matcher. When specified, this route will + be matched only if the request has the + specified method. \n Support: Extended" enum: - GET - HEAD @@ -8104,9 +18261,17 @@ spec: default: type: PathPrefix value: / + description: Path specifies a HTTP request + path matcher. If this field is not specified, + a default prefix match on the "/" path + is provided. properties: type: default: PathPrefix + description: "Type specifies how to + match against the path Value. \n Support: + Core (Exact, PathPrefix) \n Support: + Custom (RegularExpression)" enum: - Exact - PathPrefix 
@@ -8114,23 +18279,50 @@ spec: type: string value: default: / + description: Value of the HTTP path + to match against. maxLength: 1024 type: string type: object queryParams: + description: QueryParams specifies HTTP + query parameter matchers. Multiple match + values are ANDed together, meaning, a + request must match all the specified query + parameters to select the route. items: + description: HTTPQueryParamMatch describes + how to select a HTTP route by matching + HTTP query parameters. properties: name: + description: Name is the name of the + HTTP query param to be matched. + This must be an exact string match. + (See https://tools.ietf.org/html/rfc7230#section-2.7.3). maxLength: 256 minLength: 1 type: string type: default: Exact + description: "Type specifies how to + match against the value of the query + parameter. \n Support: Extended + (Exact) \n Support: Custom (RegularExpression) + \n Since RegularExpression QueryParamMatchType + has custom conformance, implementations + can support POSIX, PCRE or any other + dialects of regular expressions. + Please read the implementation's + documentation to determine the supported + dialect." enum: - Exact - RegularExpression type: string value: + description: Value is the value of + HTTP query param to be matched. maxLength: 1024 minLength: 1 type: string 
@@ -8154,41 +18346,54 @@ spec: inputs: items: properties: - dap: + dapr: properties: name: + description: The name of the dapr component, the component + can be defined in the `bindings`, `pubsub`, or `states`, + or an existing component. type: string topic: type: string type: + description: Type is the type of the component, if + it is not set, controller will get it automatically. type: string required: - name type: object - required: - - dap type: object type: array type: object workloadType: + description: How to run the function, known values are Deployment + or StatefulSet, default is Deployment. type: string type: object version: + description: Function version in format like v1.0.0 type: string workloadRuntime: default: OCIContainer + description: 'WorkloadRuntime for Function. Know values: ``` OCIContainer: + Nodes will run standard OCI container workloads. WasmEdge: Nodes will + run workloads using the crun (with WasmEdge support). ```' type: string required: - image type: object status: + description: FunctionStatus defines the observed state of Function properties: addresses: + description: Addresses holds the addresses that used to access the Function. items: properties: type: + description: Type of the address. type: string value: + description: Value of the address. maxLength: 253 minLength: 1 type: string @@ -8199,6 +18404,8 @@ spec: type: array build: properties: + buildDuration: + type: string lastSuccessfulResourceRef: type: string message: 
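Review bot: Renaming the `inputs` item property from `dap` to `dapr` removes the item-level `required: - dap` list instead of renaming it, so an `inputs` entry with no `dapr` block (for example `- {}`) now passes schema validation. If the controller assumes every input carries a Dapr component, restore the constraint as `required: [dapr]`. If the field is meant to be optional, say so in a `description` on `dapr` and check that the reconciler handles the missing block. The description style suggests this CRD is generated from Go types, in which case the change belongs on the source type rather than in this file. `topic` is also the only property under `dapr` left without a description.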
@@ -8222,30 +18429,67 @@ spec: route: properties: conditions: + description: Conditions describes the status of the route with respect + to the Gateway. Note that the route's availability is also subject + to the Gateway's own status conditions and listener status. items: + description: "Condition contains details for one aspect of the + current state of this API Resource. --- This struct is intended + for direct use as an array at the field path .status.conditions. + \ For example, \n type FooStatus struct{ // Represents the observations + of a foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + // +patchStrategy=merge // +listType=map // +listMapKey=type + Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" properties: lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be + when the underlying condition changed. If that is not known, + then using the time when the API field changed is acceptable. format: date-time type: string message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if + .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. format: int64 minimum: 0 type: integer reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. 
Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ type: string status: + description: status of the condition, one of True, False, + Unknown. enum: - "True" - "False" - Unknown type: string type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict + is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -8263,7 +18507,20 @@ spec: - type x-kubernetes-list-type: map hosts: + description: Hosts list all actual hostnames of HTTPRoute. items: + description: "Hostname is the fully qualified domain name of a + network host. This matches the RFC 1123 definition of a hostname + with 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname + may be prefixed with a wildcard label (`*.`). The wildcard label + must appear by itself as the first label. \n Hostname can be + \"precise\" which is a domain name without the terminating dot + of a network host (e.g. \"foo.example.com\") or \"wildcard\", + which is a domain name prefixed with a single wildcard label + (e.g. `*.example.com`). \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric characters + or '-', and must start and end with an alphanumeric character. + No other punctuation is allowed." maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 
@@ -8271,10 +18528,16 @@ spec: maxItems: 16 type: array paths: + description: Paths list all actual paths of HTTPRoute. items: + description: HTTPPathMatch describes how to select a HTTP route + by matching the HTTP request path. properties: type: default: PathPrefix + description: "Type specifies how to match against the path + Value. \n Support: Core (Exact, PathPrefix) \n Support: + Custom (RegularExpression)" enum: - Exact - PathPrefix @@ -8282,6 +18545,7 @@ spec: type: string value: default: / + description: Value of the HTTP path to match against. maxLength: 1024 type: string type: object @@ -8290,6 +18554,8 @@ spec: type: object serving: properties: + buildDuration: + type: string lastSuccessfulResourceRef: type: string message: @@ -8306,23 +18572,39 @@ spec: type: string type: object sources: + description: Sources holds the results emitted from the step definition + of different sources items: + description: SourceResult holds the results emitted from the different + sources properties: bundle: + description: Bundle holds the results emitted from from the step + definition of bundle source properties: digest: + description: Digest hold the image digest result type: string type: object git: + description: Git holds the results emitted from from the step + definition of a git source properties: branchName: + description: BranchName holds the default branch name of the + git source this will be set only when revision is not specified + in Build object type: string commitAuthor: + description: CommitAuthor holds the commit author of a git + source type: string commitSha: + description: CommitSha holds the commit sha of git source type: string type: object name: + description: Name is the name of source type: string required: - name diff --git a/openfunction/crds/gateway.yaml b/openfunction/crds/gateway.yaml index ef6cff7..e5cb8ef 100644 --- a/openfunction/crds/gateway.yaml +++ b/openfunction/crds/gateway.yaml 
@@ -24,31 +24,47 @@ spec: name: v1alpha1 schema: openAPIV3Schema: + description: Gateway is the Schema for the gateways API properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: GatewaySpec defines the desired state of Gateway properties: clusterDomain: default: cluster.local + description: Used to generate the hostname field of gatewaySpec.listeners.openfunction.hostname type: string domain: + description: Used to generate the hostname field of gatewaySpec.listeners.openfunction.hostname type: string gatewayDef: + description: Definition to a new K8s gateway properties: gatewayClassName: + description: GatewayClassName used for this Gateway. This is the + name of a GatewayClass resource. maxLength: 253 minLength: 1 type: string name: + description: Name is the name of the referent. It refers to the + name of a k8s Gateway resource. maxLength: 253 minLength: 1 type: string namespace: + description: Namespace is the namespace of the referent. maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 
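Review bot: `clusterDomain` and `domain` are plain `type: string` with no `pattern` or `maxLength`, although both are documented as feeding the generated listener hostname, and the listener `hostname` field in this same CRD is limited to 253 characters and a DNS pattern. A malformed value would presumably only surface later, when the hostname is built, rather than at admission. Consider adding `maxLength: 253` and a DNS-subdomain `pattern` to both; if the file is generated, that means `+kubebuilder:validation:MaxLength=253` and a matching `Pattern` marker on the Go fields. The two fields also receive the identical description, `Used to generate the hostname field of gatewaySpec.listeners.openfunction.hostname`, so the schema does not say how they differ. Each description should name the hostname it contributes to.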
@@ -58,12 +74,17 @@ spec: - namespace type: object gatewayRef: + description: Reference to an existing K8s gateway properties: name: + description: Name is the name of the referent. It refers to the + name of a k8s Gateway resource. maxLength: 253 minLength: 1 type: string namespace: + description: Namespace is the namespace of the referent. It refers + to a k8s namespace. maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 
@@ -73,24 +94,67 @@ spec: - namespace type: object gatewaySpec: + description: GatewaySpec defines the desired state of k8s Gateway. properties: listeners: + description: "Listeners associated with this Gateway. Listeners + define logical endpoints that are bound on this Gateway's addresses. + At least one Listener MUST be specified. \n Each listener in a + Gateway must have a unique combination of Hostname, Port, and + Protocol." items: + description: Listener embodies the concept of a logical endpoint + where a Gateway accepts network connections. properties: allowedRoutes: default: namespaces: from: Same + description: "AllowedRoutes defines the types of routes that + MAY be attached to a Listener and the trusted namespaces + where those Route resources MAY be present. \n Although + a client request may match multiple route rules, only one + rule may ultimately receive the request. Matching precedence + MUST be determined in order of the following criteria: \n + * The most specific match as defined by the Route type. + * The oldest Route based on creation timestamp. For example, + a Route with a creation timestamp of \"2020-09-08 01:02:03\" + is given precedence over a Route with a creation timestamp + of \"2020-09-08 01:02:04\". * If everything else is equivalent, + the Route appearing first in alphabetical order (namespace/name) + should be given precedence. For example, foo/bar is given + precedence over foo/baz. \n All valid rules within a Route + attached to this Listener should be implemented. Invalid + Route rules can be ignored (sometimes that will mean the + full Route). If a Route rule transitions from valid to invalid, + support for that Route rule should be dropped to ensure + consistency. For example, even if a filter specified by + a Route rule is invalid, the rest of the rules within that + Route should still be supported. 
\n Support: Core" properties: kinds: + description: "Kinds specifies the groups and kinds of + Routes that are allowed to bind to this Gateway Listener. + When unspecified or empty, the kinds of Routes selected + are determined using the Listener protocol. \n A RouteGroupKind + MUST correspond to kinds of Routes that are compatible + with the application protocol specified in the Listener's + Protocol field. If an implementation does not support + or recognize this resource type, it MUST set the \"ResolvedRefs\" + condition to False for this Listener with the \"InvalidRoutesRef\" + reason. \n Support: Core" items: + description: RouteGroupKind indicates the group and + kind of a Route resource. properties: group: default: gateway.networking.k8s.io + description: Group is the group of the Route. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is the kind of the Route. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ 
@@ -103,24 +167,57 @@ spec: namespaces: default: from: Same + description: "Namespaces indicates namespaces from which + Routes may be attached to this Listener. This is restricted + to the namespace of this Gateway by default. \n Support: + Core" properties: from: default: Same + description: "From indicates where Routes will be + selected for this Gateway. Possible values are: + * All: Routes in all namespaces may be used by this + Gateway. * Selector: Routes in namespaces selected + by the selector may be used by this Gateway. * Same: + Only Routes in the same namespace may be used by + this Gateway. \n Support: Core" enum: - All - Selector - Same type: string selector: + description: "Selector must be specified when From + is set to \"Selector\". In that case, only Routes + in Namespaces matching this Selector will be selected + by this Gateway. This field is ignored for other + values of \"From\". \n Support: Core" properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -132,51 +229,132 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic type: object type: object hostname: + description: "Hostname specifies the virtual hostname to match + for protocol types that define this concept. When unspecified, + all hostnames are matched. This field is ignored for protocols + that don't require hostname based matching. \n Implementations + MUST apply Hostname matching appropriately for each of the + following protocols: \n * TLS: The Listener Hostname MUST + match the SNI. * HTTP: The Listener Hostname MUST match + the Host header of the request. * HTTPS: The Listener Hostname + SHOULD match at both the TLS and HTTP protocol layers as + described above. If an implementation does not ensure that + both the SNI and Host header match the Listener hostname, + it MUST clearly document that. \n For HTTPRoute and TLSRoute + resources, there is an interaction with the `spec.hostnames` + array. When both listener and route specify hostnames, there + MUST be an intersection between the values for a Route to + be accepted. For more information, refer to the Route specific + Hostnames documentation. \n Support: Core" maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string name: + description: "Name is the name of the Listener. \n Support: + Core" maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string port: + description: "Port is the network port. Multiple listeners + may use the same port, subject to the Listener compatibility + rules. 
\n Support: Core" format: int32 maximum: 65535 minimum: 1 type: integer protocol: + description: "Protocol specifies the network protocol this + listener expects to receive. \n Support: Core" maxLength: 255 minLength: 1 pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$ type: string tls: + description: "TLS is the TLS configuration for the Listener. + This field is required if the Protocol field is \"HTTPS\" + or \"TLS\". It is invalid to set this field if the Protocol + field is \"HTTP\", \"TCP\", or \"UDP\". \n The association + of SNIs to Certificate defined in GatewayTLSConfig is defined + based on the Hostname field for this listener. \n The GatewayClass + MUST use the longest matching SNI out of all available certificates + for any TLS handshake. \n Support: Core" properties: certificateRefs: + description: "CertificateRefs contains a series of references + to Kubernetes objects that contains TLS certificates + and private keys. These certificates are used to establish + a TLS handshake for requests that match the hostname + of the associated listener. \n A single CertificateRef + to a Kubernetes Secret has \"Core\" support. Implementations + MAY choose to support attaching multiple certificates + to a Listener, but this behavior is implementation-specific. + \n References to a resource in different namespace are + invalid UNLESS there is a ReferencePolicy in the target + namespace that allows the certificate to be attached. + If a ReferencePolicy does not allow this reference, + the \"ResolvedRefs\" condition MUST be set to False + for this listener with the \"InvalidCertificateRef\" + reason. \n This field is required to have at least one + element when the mode is set to \"Terminate\" (default) + and is optional otherwise. \n CertificateRefs can reference + to standard Kubernetes resources, i.e. Secret, or implementation-specific + custom resources. 
\n Support: Core - A single reference + to a Kubernetes Secret \n Support: Implementation-specific + (More than one reference or other resource types)" items: + description: "SecretObjectReference identifies an API + object including its namespace, defaulting to Secret. + \n The API object must be valid in the cluster; the + Group and Kind must be registered in the cluster for + this reference to be valid. \n References to objects + with invalid Group and Kind are not valid, and must + be rejected by the implementation, with appropriate + Conditions set on the containing object." properties: group: default: "" + description: Group is the group of the referent. + For example, "networking.k8s.io". When unspecified + (empty string), core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Secret + description: Kind is kind of the referent. For example + "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace of the + backend. When unspecified, the local namespace + is inferred. \n Note that when a namespace is + specified, a ReferencePolicy object is required + in the referent namespace to allow that namespace's + owner to accept the reference. See the ReferencePolicy + documentation for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 
@@ -188,15 +366,40 @@ spec: type: array mode: default: Terminate + description: "Mode defines the TLS behavior for the TLS + session initiated by the client. There are two possible + modes: \n - Terminate: The TLS session between the downstream + client and the Gateway is terminated at the Gateway. + This mode requires certificateRefs to be set and contain + at least one element. - Passthrough: The TLS session + is NOT terminated by the Gateway. This implies that + the Gateway can't decipher the TLS stream except for + the ClientHello message of the TLS protocol. CertificateRefs + field is ignored in this mode. \n Support: Core" enum: - Terminate - Passthrough type: string options: additionalProperties: + description: AnnotationValue is the value of an annotation + in Gateway API. This is used for validation of maps + such as TLS options. This roughly matches Kubernetes + annotation validation, although the length validation + in that case is based on the entire size of the annotations + struct. maxLength: 4096 minLength: 0 type: string + description: "Options are a list of key/value pairs to + enable extended TLS configuration for each implementation. + For example, configuring the minimum TLS version or + supported cipher suites. \n A set of common keys MAY + be defined by the API in the future. To avoid any ambiguity, + implementation-specific definitions MUST use domain-prefixed + names, such as `example.com/my-custom-option`. Un-prefixed + names are reserved for key names defined by Gateway + API. \n Support: Implementation-specific" maxProperties: 16 type: object type: object 
@@ -215,30 +418,42 @@ spec: type: object hostTemplate: default: '{{.Name}}.{{.Namespace}}.{{.Domain}}' + description: Used to generate the hostname of attaching HTTPRoute type: string httpRouteLabelKey: default: app.kubernetes.io/managed-by + description: Label key to add to the HTTPRoute generated by function + The value will be the `gateway.openfunction.openfunction.io` CR's + namespaced name type: string pathTemplate: default: '{{.Namespace}}/{{.Name}}' + description: Used to generate the path of attaching HTTPRoute type: string required: - domain - gatewaySpec type: object status: + description: GatewayStatus defines the observed state of Gateway properties: addresses: items: + description: GatewayAddress describes an address that can be bound + to a Gateway. properties: type: default: IPAddress + description: Type of the address. enum: - IPAddress - Hostname - NamedAddress type: string value: + description: "Value of the address. The validity of the values + will depend on the type and support by the controller. \n Examples: + `1.2.3.4`, `128::1`, `my-ip-address`." maxLength: 253 minLength: 1 type: string @@ -253,6 +468,8 @@ spec: reason: NotReconciled status: Unknown type: Scheduled + description: "Conditions describe the current conditions of the Gateway. + \n Known condition types are: \n * \"Scheduled\" * \"Ready\"" items: properties: message: @@ -275,12 +492,18 @@ spec: - type x-kubernetes-list-type: map listeners: + description: Listeners provide status for each unique listener port + defined in the Spec. items: properties: attachedRoutes: + description: AttachedRoutes represents the total number of Routes + that have been successfully attached to this Listener. format: int32 type: integer conditions: + description: Conditions describe the current condition of this + listener. items: properties: message: 
@@ -303,19 +526,34 @@ spec: - type x-kubernetes-list-type: map name: + description: Name is the name of the Listener that this status + corresponds to. maxLength: 253 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string supportedKinds: + description: "SupportedKinds is the list indicating the Kinds + supported by this listener. This MUST represent the kinds an + implementation supports for that Listener configuration. \n + If kinds are specified in Spec that are not supported, they + MUST NOT appear in this list and an implementation MUST set + the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\" + reason. If both valid and invalid Route kinds are specified, + the implementation MUST reference the valid Route kinds that + have been specified." items: + description: RouteGroupKind indicates the group and kind of + a Route resource. properties: group: default: gateway.networking.k8s.io + description: Group is the group of the Route. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is the kind of the Route. maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ diff --git a/openfunction/crds/serving.yaml b/openfunction/crds/serving.yaml index 001cdfa..854a9c6 100644 --- a/openfunction/crds/serving.yaml +++ b/openfunction/crds/serving.yaml @@ -1,8 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 name: servings.core.openfunction.io spec: conversion: 
@@ -37,21 +35,31 @@ spec: name: v1beta1 schema: openAPIV3Schema: + description: Serving is the Schema for the servings API properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: ServingSpec defines the desired state of Serving properties: annotations: additionalProperties: type: string + description: Annotations that will be add to the workload. type: object bindings: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -59,10 +67,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret holding + the value for the metadata item. Name is the secret name, + and key is the field in the secret. properties: key: type: string @@ -73,7 +85,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct for + the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
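Review bot: The description added for `value` in the `@@ -73,7 +85,8 @@` hunk (bindings component metadata) does not say when to use it rather than the sibling `secretKeyRef`. Because the field keeps `x-kubernetes-preserve-unknown-fields: true`, it accepts any content, and an inline value is readable by anyone who can read the Serving object. I would extend the text to `DynamicValue is a dynamic value struct for the component.metadata pair value. Use secretKeyRef instead for credentials such as connection strings or tokens.` The same description is added for the pubsub and states components in the `@@ -170,7 +216,8 @@` and `@@ -339,7 +493,8 @@` hunks. If this CRD is produced by a generator, the sentence belongs in the doc comment on the source type so that it survives regeneration.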
@@ -88,28 +101,43 @@ spec: - type - version type: object + description: Configurations of dapr bindings components. type: object image: + description: Function image name type: string imageCredentials: + description: ImageCredentials references a Secret that contains credentials + to access the image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic inputs: + description: Function inputs from Dapr components including binding, + pubsub Available for Async Runtime only. items: properties: component: + description: Component indicates the name of components in Dapr type: string name: + description: The name of DaprIO. type: string operation: + description: Operation field tells the Dapr component which operation + it should perform. type: string params: additionalProperties: type: string + description: Parameters for dapr input/output. type: object topic: + description: Topic name of mq, required when type is pubsub type: string required: - component @@ -119,21 +147,30 @@ spec: labels: additionalProperties: type: string + description: Parameters of OpenFuncAsync runtime. type: object outputs: + description: Function outputs from Dapr components including binding, + pubsub items: properties: component: + description: Component indicates the name of components in Dapr type: string name: + description: The name of DaprIO. type: string operation: + description: Operation field tells the Dapr component which operation + it should perform. type: string params: additionalProperties: type: string + description: Parameters for dapr input/output. type: object topic: + description: Topic name of mq, required when type is pubsub type: string required: - component 
@@ -143,12 +180,17 @@ spec: params: additionalProperties: type: string + description: Parameters to pass to the serving. All parameters will + be injected into the pod as environment variables. Function code can + use these parameters by getting environment variables type: object port: + description: The port on which the function will be invoked format: int32 type: integer pubsub: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -156,10 +198,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret holding + the value for the metadata item. Name is the secret name, + and key is the field in the secret. properties: key: type: string @@ -170,7 +216,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct for + the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name @@ -185,13 +232,17 @@ spec: - type - version type: object + description: Configurations of dapr pubsub components. type: object runtime: + description: The configuration of the backend runtime for running function. enum: - knative - async type: string scaleOptions: + description: The ScaleOptions will help us to set up guidelines for + the autoscaling of function workloads. properties: keda: properties: @@ -207,14 +258,19 @@ spec: format: int32 type: integer restartPolicy: + description: Restart policy for all containers within the + pod. One of 'OnFailure', 'Never'. Default to 'Never'. type: string scalingStrategy: + description: ScalingStrategy defines the strategy of Scaling properties: customScalingQueueLengthDeduction: format: int32 type: integer customScalingRunningJobPercentage: type: string + multipleScalersCalculation: + type: string pendingPodConditions: items: type: string 
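Review bot: The new `params` description in the `@@ -143,12 +180,17 @@` hunk says every parameter is injected into the pod as an environment variable, but carries no caveat about sensitive values. Anything placed here is readable from the Serving object and presumably from the resulting pod spec as well. I would append a sentence such as `Do not place credentials here; reference a Secret instead.` If the description is generated from a type comment, the change should be made there.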
@@ -229,22 +285,54 @@ spec: scaledObject: properties: advanced: + description: AdvancedConfig specifies advance scaling options properties: horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies + horizontal scale config properties: behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the target in both Up + and Down directions (scaleUp and scaleDown fields + respectively). properties: scaleDown: + description: scaleDown is scaling policy for + scaling Down. If not set, the default value + is to allow to scale down to minReplicas pods, + with a 300 second stabilization window (i.e., + the highest recommendation for the last 300sec + is used). properties: policies: + description: policies is a list of potential + scaling polices which can be used during + scaling. At least one policy must be specified, + otherwise the HPAScalingRules will be + discarded as invalid items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which the + policy should hold true. PeriodSeconds + must be greater than zero and less + than or equal to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the amount + of change which is permitted by + the policy. It must be greater than + zero format: int32 type: integer required: 
@@ -253,23 +341,63 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, + the default value Max is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which past + recommendations should be considered while + scaling up or scaling down. StabilizationWindowSeconds + must be greater than or equal to zero + and less than or equal to 3600 (one hour). + If not set, use the default values: - + For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object scaleUp: + description: 'scaleUp is scaling policy for + scaling Up. If not set, the default value + is the higher of: * increase no more than + 4 pods per 60 seconds * double the number + of pods per 60 seconds No stabilization is + used.' properties: policies: + description: policies is a list of potential + scaling polices which can be used during + scaling. At least one policy must be specified, + otherwise the HPAScalingRules will be + discarded as invalid items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which the + policy should hold true. PeriodSeconds + must be greater than zero and less + than or equal to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the amount + of change which is permitted by + the policy. It must be greater than + zero format: int32 type: integer required: 
@@ -278,13 +406,30 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, + the default value Max is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which past + recommendations should be considered while + scaling up or scaling down. StabilizationWindowSeconds + must be greater than or equal to zero + and less than or equal to 3600 (one hour). + If not set, use the default values: - + For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object type: object + name: + type: string type: object restoreToOriginalReplicaCount: type: boolean @@ -302,12 +447,16 @@ spec: format: int32 type: integer workloadType: + description: How to run the function, known values are Deployment + or StatefulSet, default is Deployment. type: string type: object type: object knative: additionalProperties: type: string + description: Refer to https://knative.dev/docs/serving/autoscaling/ + to learn more about the autoscaling options of Knative Serving. type: object maxReplicas: format: int32 @@ -318,6 +467,7 @@ spec: type: object states: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -325,10 +475,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret holding + the value for the metadata item. Name is the secret name, + and key is the field in the secret. properties: key: type: string 
@@ -339,7 +493,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct for + the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
@@ -354,29 +509,78 @@ spec: - type - version type: object + description: Configurations of dapr state components. type: object template: + description: Template describes the pods that will be created. The container + named `function` is the container which is used to run the image built + by the builder. If it is not set, the controller will automatically + add one. properties: activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will actively + try to mark it failed and kill associated containers. Value must + be a positive integer. format: int64 type: integer affinity: + description: If specified, the pod's scheduling constraints properties: nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). properties: preference: + description: A node selector term, associated with + the corresponding weight. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. 
items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array @@ -386,13 +590,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array 
@@ -402,7 +626,10 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -411,18 +638,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. properties: nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array 
@@ -432,13 +692,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array 
@@ -448,28 +728,70 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -481,18 +803,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -504,18 +860,42 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -524,18 +904,53 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -547,18 +962,49 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -570,13 +1016,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -584,22 +1050,64 @@ spec: type: array type: object podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -611,18 +1119,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -634,18 +1176,42 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -654,18 +1220,53 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -677,18 +1278,49 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -700,13 +1332,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -715,124 +1367,270 @@ spec: type: object type: object automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted. type: boolean containers: + description: List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at least one + container in a Pod. Cannot be updated. items: + description: A single application container that you want to run + within a pod. properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. More + info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded using + the container''s environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references will + never be expanded, regardless of whether the variable exists + or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. 
Values defined by an Env with + a duplicate key will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be + defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a + container is created. 
If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -840,49 +1638,98 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called + if the container crashes or exits. The Pod''s termination + grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the Pod''s + termination grace period (unless delayed by finalizers). + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -890,25 +1737,41 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -916,37 +1779,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -954,62 +1851,129 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in + a single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -1020,37 +1984,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the + probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1058,47 +2056,111 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -1106,6 +2168,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -1114,101 +2178,261 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields of + SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be + set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that this + field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the + container. 
If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name + is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
Note that this field cannot be set + when spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored by + components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. + All of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed + until this completes successfully. If this probe fails, + the Pod will be restarted, just as if the livenessProbe + failed. This can be used to provide different probe parameters + at the beginning of a Pod''s lifecycle, when it might take + a long time to load data or warm a cache, than during steady-state + operation. This cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1216,61 +2440,141 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, + reads from stdin in the container will always result in + EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. 
+ The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY + for itself, also requires 'stdin' to be true. Default is + false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to + be used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -1278,19 +2582,41 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. type: string required: - mountPath 
@@ -1298,152 +2624,329 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters specified + here will be merged to the generated DNS configuration based on + DNSPolicy. properties: nameservers: + description: A list of DNS name server IP addresses. This will + be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. items: type: string type: array options: + description: A list of DNS resolver options. This will be merged + with the base options generated from DNSPolicy. Duplicated + entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. properties: name: + description: Required. type: string value: type: string type: object type: array searches: + description: A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from + DNSPolicy. Duplicated search paths will be removed. items: type: string type: array type: object dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' + or 'None'. DNS parameters given in DNSConfig will be merged with + the policy selected with DNSPolicy. To have DNS options set along + with hostNetwork, you have to specify DNS policy explicitly to + 'ClusterFirstWithHostNet'. type: string enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about + services should be injected into pod''s environment variables, + matching the syntax of Docker links. Optional: Defaults to true.' 
type: boolean ephemeralContainers: + description: List of ephemeral containers run in this pod. Ephemeral + containers may be run in an existing pod to perform user-initiated + actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod + spec. In order to add an ephemeral container to an existing pod, + use the pod's ephemeralcontainers subresource. items: + description: "An EphemeralContainer is a temporary container that + you may add to an existing Pod for user-initiated activities + such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they + exit or when a Pod is removed or restarted. The kubelet may + evict a Pod if an ephemeral container causes the Pod to exceed + its resource allocation. \n To add an ephemeral container, use + the ephemeralcontainers subresource of an existing Pod. Ephemeral + containers may not be removed or restarted." properties: args: + description: 'Arguments to the entrypoint. The image''s CMD + is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. 
If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be + defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Lifecycle is not allowed for ephemeral containers. properties: postStart: + description: 'PostStart is called immediately after a + container is created. If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1451,49 +2954,98 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called + if the container crashes or exits. The Pod''s termination + grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the Pod''s + termination grace period (unless delayed by finalizers). + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1501,25 +3053,41 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -1527,37 +3095,69 @@ spec: type: object type: object livenessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1565,62 +3165,123 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the ephemeral container specified as + a DNS_LABEL. This name must be unique among all containers, + init containers and ephemeral containers. type: string ports: + description: Ports are not allowed for ephemeral containers. items: + description: ContainerPort represents a network port in + a single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -1631,37 +3292,69 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1669,47 +3362,112 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: Resources are not allowed for ephemeral containers. + Ephemeral containers use spare resources already allocated + to the pod. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -1717,6 +3475,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -1725,101 +3485,254 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'Optional: SecurityContext defines the security + options the ephemeral container should be run with. If set, + the fields of SecurityContext override the equivalent fields + of PodSecurityContext.' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be + set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that this + field cannot be set when spec.os.name is windows. 
type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the + container. If unspecified, the container runtime will + allocate a random SELinux context for each container. 
May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name + is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is linux. 
properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored by + components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. + All of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. 
items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -1827,63 +3740,151 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, + reads from stdin in the container will always result in + EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false type: boolean targetContainerName: + description: "If set, the name of the container from PodSpec + that this ephemeral container targets. The ephemeral container + will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container runtime must + implement support for this feature. 
If the runtime does + not support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY + for itself, also requires 'stdin' to be true. Default is + false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to + be used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -1891,19 +3892,42 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. type: string required: - mountPath 
@@ -1911,154 +3935,349 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array hostAliases: + description: HostAliases is an optional list of hosts and IPs that + will be injected into the pod's hosts file if specified. This + is only valid for non-hostNetwork pods. items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. properties: hostnames: + description: Hostnames for the above IP address. items: type: string type: array ip: + description: IP address of the host file entry. type: string type: object type: array hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to + false.' type: boolean hostNetwork: + description: Host networking requested for this pod. Use the host's + network namespace. If this option is set, the ports that will + be used must be specified. Default to false. type: boolean hostPID: + description: 'Use the host''s pid namespace. Optional: Default to + false.' + type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: Default + to true. If set to true or not present, the pod will be run in + the host user namespace, useful for when the pod needs a feature + only available to the host user namespace, such as loading a kernel + module with CAP_SYS_MODULE. When set to false, a new userns is + created for the pod. Setting false is useful for mitigating container + breakout vulnerabilities even allowing users to run their containers + as root without actually having root privileges on the host. This + field is alpha-level and is only honored by servers that enable + the UserNamespacesSupport feature.' 
type: boolean hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. type: string imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: + description: 'List of initialization containers belonging to the + pod. Init containers are executed in order prior to containers + being started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique + among all containers. Init containers may not have Lifecycle actions, + Readiness probes, Liveness probes, or Startup probes. The resourceRequirements + of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and + then using the max of of that value or the sum of the normal containers. + Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: + description: A single application container that you want to run + within a pod. 
properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. More + info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded using + the container''s environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references will + never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. 
+ If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be + defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a + container is created. If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2066,49 +4285,98 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called + if the container crashes or exits. The Pod''s termination + grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the Pod''s + termination grace period (unless delayed by finalizers). + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2116,25 +4384,41 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -2142,37 +4426,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2180,62 +4498,129 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in + a single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -2246,37 +4631,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the + probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2284,47 +4703,111 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -2332,6 +4815,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -2340,101 +4825,261 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields of + SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be + set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that this + field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the + container. 
If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name + is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
Note that this field cannot be set + when spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored by + components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. + All of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed + until this completes successfully. If this probe fails, + the Pod will be restarted, just as if the livenessProbe + failed. This can be used to provide different probe parameters + at the beginning of a Pod''s lifecycle, when it might take + a long time to load data or warm a cache, than during steady-state + operation. This cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -2442,61 +5087,141 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, + reads from stdin in the container will always result in + EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. 
+ The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY + for itself, also requires 'stdin' to be true. Default is + false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to + be used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -2504,19 +5229,41 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. type: string required: - mountPath 
@@ -2524,21 +5271,50 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array nodeName: + description: NodeName is a request to schedule this pod onto a specific + node. If it is non-empty, the scheduler simply schedules this + pod onto that node, assuming that it fits resource requirements. type: string nodeSelector: additionalProperties: type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic os: + description: "Specifies the OS of the containers in the pod. Some + pod and container fields are restricted if this is set. 
\n If + the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions \n If the OS field is set to windows, + following fields must be unset: - spec.hostPID - spec.hostIPC + - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls - spec.shareProcessNamespace - + spec.securityContext.runAsUser - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem - + spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup" properties: name: + description: 'Name is the name of the operating system. The + currently supported values are linux and windows. Additional + value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat + unrecognized values in this field as os: null' type: string required: - name 
@@ -2550,75 +5326,271 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field will be + autopopulated at admission time by the RuntimeClass admission + controller. If the RuntimeClass admission controller is enabled, + overhead must not be set in Pod create requests. The RuntimeClass + admission controller will reject Pod create requests which have + the overhead already set. If RuntimeClass is configured and selected + in the PodSpec, Overhead will be set to the value defined in the + corresponding RuntimeClass, otherwise it will remain unset and + treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods + with lower priority. One of Never, PreemptLowerPriority. Defaults + to PreemptLowerPriority if unset. type: string priority: + description: The priority value. Various system components use this + field to find the priority of the pod. When Priority Admission + Controller is enabled, it prevents users from setting this field. + The admission controller populates this field from PriorityClassName. + The higher the value, the higher the priority. format: int32 type: integer priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which indicate + the highest priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass object + with that name. If not specified, the pod priority will be default + or zero if there is no default. 
type: string readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers are + ready AND all conditions specified in the readiness gates have + status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: + description: PodReadinessGate contains the reference to a pod + condition properties: conditionType: + description: ConditionType refers to a condition in the pod's + condition list with matching type. type: string required: - conditionType type: object type: array + resourceClaims: + description: "ResourceClaims defines which ResourceClaims must be + allocated and reserved before the Pod is allowed to start. The + resources will be made available to those containers which consume + them by name. \n This is an alpha field and requires enabling + the DynamicResourceAllocation feature gate. \n This field is immutable." + items: + description: PodResourceClaim references exactly one ResourceClaim + through a ClaimSource. It adds a name to it that uniquely identifies + the ResourceClaim inside the Pod. Containers that need access + to the ResourceClaim reference it with this name. + properties: + name: + description: Name uniquely identifies this resource claim + inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name of a ResourceClaim + object in the same namespace as this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of + a ResourceClaimTemplate object in the same namespace + as this pod. \n The template will be used to create + a new ResourceClaim, which will be bound to this pod. + When this pod is deleted, the ResourceClaim will also + be deleted. 
The name of the ResourceClaim will be -, where is the + PodResourceClaim.Name. Pod validation will reject the + pod if the concatenated name is not valid for a ResourceClaim + (e.g. too long). \n An existing ResourceClaim with that + name that is not owned by the pod will not be used for + the pod to avoid using an unrelated resource by mistake. + Scheduling and pod startup are then blocked until the + unrelated ResourceClaim is removed. \n This field is + immutable and no changes will be made to the corresponding + ResourceClaim by the control plane after creating the + ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: + description: 'Restart policy for all containers within the pod. + One of Always, OnFailure, Never. Default to Always. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' type: string runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object in + the node.k8s.io group, which should be used to run this pod. If + no RuntimeClass resource matches the named class, the pod will + not be run. If unset or empty, the "legacy" RuntimeClass will + be used, which is an implicit class with an empty definition that + uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched by default + scheduler. type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values that if + specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + \n This is an alpha-level feature enabled by PodSchedulingReadiness + feature gate." 
+ items: + description: PodSchedulingGate is associated to a Pod to guard + its scheduling. + properties: + name: + description: Name of the scheduling gate. Each scheduling + gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' properties: fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' type: string runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. 
Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies to + the container. type: string role: + description: Role is a SELinux role label that applies to + the container. type: string type: + description: Type is a SELinux type label that applies to + the container. type: string user: + description: User is a SELinux user label that applies to + the container. type: string type: object seccompProfile: + description: The seccomp options to use by the containers in + this pod. Note that this field cannot be set when spec.os.name + is windows. 
properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. items: + description: Sysctl defines a kernel parameter to be set properties: name: + description: Name of a property to set type: string value: + description: Value of a property to set type: string required: - name 
@@ -2626,59 +5598,165 @@ spec: type: object type: array windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the + WindowsHostProcessContainers feature flag. Setting this + field without the feature flag will result in errors when + validating the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias for + ServiceAccountName. Deprecated: Use serviceAccountName instead.' 
type: string serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the + pod's FQDN, rather than the leaf name (the default). In Linux + containers, this means setting the FQDN in the hostname field + of the kernel (the nodename field of struct utsname). In Windows + containers, this means setting the registry value of hostname + for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. Default + to false. type: boolean shareProcessNamespace: + description: 'Share a single process namespace between all of the + containers in a pod. When this is set containers will be able + to view and signal processes from other containers in the same + pod, and the first process in each container will not be assigned + PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: + Default to false.' type: boolean subdomain: + description: If specified, the fully qualified Pod hostname will + be "...svc.". + If not specified, the pod will not have a domainname at all. type: string terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate + gracefully. May be decreased in delete request. Value must be + non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). If this value + is nil, the default grace period will be used instead. The grace + period is the duration in seconds after the processes running + in the pod are sent a termination signal and the time when the + processes are forcibly halted with a kill signal. Set this value + longer than the expected cleanup time for your process. Defaults + to 30 seconds. 
format: int64 type: integer tolerations: + description: If specified, the pod's tolerations. items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . properties: effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. type: string operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. type: string tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. format: int64 type: integer value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. properties: labelSelector: + description: LabelSelector is used to find matching pods. 
+ Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. properties: matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: + description: key is the label key that the selector + applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. items: type: string type: array 
@@ -2690,14 +5768,123 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - if + MaxSkew is 1, incoming pod can only be scheduled to zone3 + to become 2/2/2; scheduling it onto zone1(zone2) would make + the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used + to give higher precedence to topologies that satisfy it. + It''s a required field. 
Default value is 1 and 0 is not + allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those + domains. If value is nil, the constraint behaves as if MinDomains + is equal to 1. Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + \n For example, in a 3-zone cluster, MaxSkew is set to 2, + MinDomains is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P + P | P P | The number of domains is less than 5(MinDomains), + so \"global minimum\" is treated as 0. In this situation, + new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled + to any of the three zones, it will violate MaxSkew. \n This + is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." format: int32 type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent to the + Honor policy. 
This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. type: string whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, the + cluster can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' type: string required: - maxSkew 
@@ -2710,104 +5897,229 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. properties: awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty).' format: int32 type: integer readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. 
properties: cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: + description: diskName is the Name of the data disk in + the blob storage type: string diskURI: + description: diskURI is the URI of data disk in the blob + storage type: string fsType: + description: fsType is Filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to + shared' type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. properties: readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
type: boolean secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime properties: monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is optional: User is the rados user + name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: + description: 'volumeID used to identify the volume in + cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: + description: configMap represents a configMap that should + populate this volume properties: defaultMode: + description: 'defaultMode is optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' 
format: int32 type: integer items: + description: items if unspecified, each key-value pair + in the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is the + key and content is the value. If specified, the listed + keys will be projected into the specified paths, and + unlisted keys will not be present. If a key is specified + which is not present in the ConfigMap, the volume setup + will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start + with '..'. items: + description: Maps a string key to a path within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. type: string required: - key 
@@ -2815,121 +6127,368 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: optional specify whether the ConfigMap or + its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external CSI + drivers (Beta feature). properties: driver: + description: driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. type: string fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. 
type: object required: - driver type: object downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume properties: defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Defaults to 0644. Directories within the path are not + affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer items: + description: Items is a list of downward API volume file items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the relative path + name of the file to be created. 
Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which + means to use the node''s default medium. Must be an + empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is + also applicable for memory medium. The maximum usage + on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of + memory limits of all containers in a pod. The default + is nil which means that the limit is undefined. 
More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot + or capacity tracking are needed, c) the storage driver is + specified through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on the connection + between this volume type and PersistentVolumeClaim). \n + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. \n Use CSI for light-weight local + ephemeral volumes if the CSI driver is meant to be used + that way - see the documentation of the driver for more + information. \n A pod can use both types of ephemeral volumes + and persistent volumes at the same time." properties: volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of + the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). + \n An existing PVC with that name that is not owned + by the pod will *not* be used for the pod to avoid using + an unrelated volume by mistake. 
Starting the pod is + then blocked until the unrelated PVC is removed. If + such a pre-created PVC is meant to be used by the pod, + the PVC has to updated with an owner reference to the + pod once the pod exists. Normally this should not be + necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no + changes will be made by Kubernetes to the PVC after + it has been created. \n Required, must not be nil." properties: metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No + other fields are allowed and will be rejected during + validation. type: object spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The same + fields as in a PersistentVolumeClaim are also valid + here. properties: accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced type: string required: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. type: string required: - kind - name type: object resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2937,6 +6496,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -2945,18 +6507,46 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2968,13 +6558,28 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. type: string volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. type: string type: object required: 
@@ -2982,125 +6587,264 @@ spec: type: object type: object fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising the machine' type: string lun: + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' type: boolean targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: + description: driver is the name of the driver to use for + this volume. type: string fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". The default filesystem + depends on FlexVolume script. type: string options: additionalProperties: type: string + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: + description: 'readOnly is Optional: defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' 
type: boolean secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if + no secret object is specified. If the secret object + contains more than one secret, all secrets are passed + to the plugin scripts.' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running properties: datasetName: + description: datasetName is Name of the dataset stored + as metadata -> name on the dataset for Flocker should + be considered as deprecated type: string datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. 
Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir + into the Pod''s container.' properties: directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, + the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: + description: repository is the URL type: string revision: + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: + description: 'path is the Glusterfs volume path. 
More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' properties: path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: + description: 'type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: + description: 'iscsi represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication type: boolean chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + description: iscsiInterface is the interface Name that + uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: + description: portals is the iSCSI Target Portal List. + The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. type: boolean secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic targetPortal: + description: targetPortal is iSCSI Target Portal. The + Portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). type: string required: - iqn 
@@ -3108,67 +6852,150 @@ spec: - targetPortal type: object name: + description: 'name of the volume. Must be a DNS_LABEL and + unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: + description: 'nfs represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults to + false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: + description: 'server is the hostname or IP address of + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". 
Implicitly inferred + to be "ext4" if unspecified. type: string pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine properties: fsType: + description: fSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: + description: defaultMode are the mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this + setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set. format: int32 type: integer sources: + description: sources is the list of volume projections items: + description: Projection that may be projected along + with other supported volume types properties: configMap: + description: configMap information about the configMap + data to project properties: items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. 
+ If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -3176,60 +7003,147 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: + description: downwardAPI information about the downwardAPI + data to project properties: items: + description: Items is a list of DownwardAPIVolume + file items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' properties: apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". type: string fieldPath: + description: Path of the field to + select in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. + YAML accepts both octal and decimal + values, JSON requires decimal values + for mode bits. If not specified, the + volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' format: int32 type: integer path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. 
+ The first item of the relative path + must not start with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are + currently supported.' properties: containerName: + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to + select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: + description: secret information about the secret + data to project properties: items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. 
+ This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. type: string required: - key @@ -3237,18 +7151,45 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional field specify whether + the Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project properties: audience: + description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. type: string expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if the + token is older than 80 percent of its time + to live or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. format: int64 type: integer path: + description: path is the path relative to the + mount point of the file to project the token + into. type: string required: - path 
@@ -3257,74 +7198,150 @@ spec: type: array type: object quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime properties: group: + description: group to map volume access to Default is + no group type: string readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. type: boolean registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string as host:port + pair (multiple entries are separated with commas) which + acts as the central registry for volumes type: string tenant: + description: tenant owning the given Quobyte volume in + the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin type: string user: + description: user to map volume access to Defaults to + serivceaccount user type: string volume: + description: volume is a string that references an already + created Quobyte volume by name. type: string required: - registry - volume type: object rbd: + description: 'rbd represents a Rados Block Device mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: + description: 'pool is the rados pool name. Default is + rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is the rados user name. Default is + admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
type: boolean secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not + provided, Login operation will fail. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: + description: system is the name of the storage system + as configured in ScaleIO. type: string volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway 
@@ -3332,19 +7349,54 @@ spec: - system type: object secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: + description: 'defaultMode is Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer items: + description: items If unspecified, each key-value pair + in the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. items: + description: Maps a string key to a path within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the file + to map the key to. 
May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. type: string required: - key 
@@ -3352,35 +7404,77 @@ spec: type: object type: array optional: + description: optional field specify whether the Secret + or its keys must be defined type: boolean secretName: + description: 'secretName is the name of the secret in + the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: + description: secretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: + description: volumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. type: string volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. 
type: string type: object vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine properties: fsType: + description: fsType is filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath 
@@ -3393,57 +7487,75 @@ spec: - containers type: object timeout: + description: Timeout defines the maximum amount of time the Serving + should take to execute before the Serving is running. type: string triggers: + description: Triggers are used to specify the trigger sources of the + function. The Keda (ScaledObject, ScaledJob) configuration in ScaleOptions + cannot take effect without Triggers being set. items: properties: authenticationRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used to authenticate + the scaler with the environment properties: kind: + description: Kind of the resource being referred to. Defaults + to TriggerAuthentication. type: string name: type: string required: - name type: object - fallback: - format: int32 - type: integer metadata: additionalProperties: type: string type: object + metricType: + description: MetricTargetType specifies the type of metric being + targeted, and should be either "Value", "AverageValue", or "Utilization" + type: string name: type: string targetKind: + description: ScaleTargetKind represents the kind of trigger target. enum: - object - job type: string type: type: string + useCachedMetrics: + type: boolean required: - metadata - type type: object type: array version: + description: Function version in format like v1.0.0 type: string required: - image - runtime type: object status: + description: ServingStatus defines the observed state of Serving properties: phase: type: string resourceRef: additionalProperties: type: string + description: Associate resources. type: object state: type: string url: + description: Service holds the service name used to access the serving. type: string type: object type: object 
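Review bot: The new `metricType` property on the `triggers` items lists its three legal values only in the description text, so the API server will accept any string and a typo is caught late, by the controller or the scaler, rather than at admission. Constraining it in the schema with `enum: [Value, AverageValue, Utilization]` would reject bad values up front; if this CRD is generated from Go types, the constraint belongs on the source field. The same property is added without an enum in the `@@ -3705,33 +7971,61 @@` hunk. The enclosing `spec` schema starts outside this hunk.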
@@ -3464,21 +7576,31 @@ spec: name: v1beta2 schema: openAPIV3Schema: + description: Serving is the Schema for the servings API properties: apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: + description: ServingSpec defines the desired state of Serving properties: annotations: additionalProperties: type: string + description: Annotations that will be added to the workload. type: object bindings: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -3486,10 +7608,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret holding + the value for the metadata item. Name is the secret name, + and key is the field in the secret. properties: key: type: string @@ -3500,7 +7626,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct for + the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
@@ -3515,8 +7642,11 @@ spec: - type - version type: object + description: Configurations of dapr bindings components. type: object hooks: + description: Hooks define the hooks that will execute before or after + function execution. properties: policy: type: string @@ -3530,17 +7660,27 @@ spec: type: array type: object image: + description: Function image name type: string imageCredentials: + description: ImageCredentials references a Secret that contains credentials + to access the image repository. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic labels: additionalProperties: type: string + description: Parameters of asyncFunc runtime, must not be nil when runtime + is OpenFuncAsync. type: object outputs: + description: Function outputs from Dapr components including binding, + pubsub items: properties: dapr: @@ -3548,16 +7688,25 @@ spec: metadata: additionalProperties: type: string + description: Metadata is the metadata for dapr Com. type: object name: + description: The name of the dapr component, the component + can be defined in the `bindings`, `pubsub`, or `states`, + or an existing component. type: string operation: + description: Operation field tells the Dapr component which + operation it should perform. type: string outputName: + description: 'Deprecated: Only for compatibility with v1beta1' type: string topic: type: string type: + description: Type is the type of the component, if it is not + set, controller will get it automatically. type: string required: - name 
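Review bot: The description added to `labels` in the `@@ -3530,17 +7660,27 @@` hunk reads `Parameters of asyncFunc runtime, must not be nil when runtime is OpenFuncAsync.`, which describes a different field. The sibling `annotations` property in the same schema is documented as `Annotations that will be added to the workload.`, so anyone reading `kubectl explain` output will be misled about what this map does. Something like `description: Labels that will be added to the workload.` would match, assuming labels are applied the same way as annotations. If the CRD is generated, the comment on the source field is the place to fix it.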
@@ -3567,9 +7716,13 @@ spec: params: additionalProperties: type: string + description: Parameters to pass to the serving. All parameters will + be injected into the pod as environment variables. Function code can + use these parameters by getting environment variables type: object pubsub: additionalProperties: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean @@ -3577,10 +7730,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret holding + the value for the metadata item. Name is the secret name, + and key is the field in the secret. properties: key: type: string @@ -3591,7 +7748,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct for + the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name @@ -3606,11 +7764,25 @@ spec: - type - version type: object + description: Configurations of dapr pubsub components. type: object scaleOptions: + description: The ScaleOptions will help us to set up guidelines for + the autoscaling of function workloads. properties: keda: properties: + httpScaledObject: + properties: + cooldownPeriod: + description: Cooldown period value + format: int32 + type: integer + targetPendingRequests: + description: Target metric value + format: int32 + type: integer + type: object scaledJob: properties: failedJobsHistoryLimit: 
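Review bot: The `params` description added in the `@@ -3567,9 +7716,13 @@` hunk states that every entry is injected into the pod as an environment variable, but gives no guidance on sensitive values. Anything placed in this map is stored in plain text in the Serving object and is readable by anyone allowed to get the resource or the resulting pod spec, so the text should steer credentials elsewhere. I would append a sentence such as `Do not put credentials here; reference a Secret instead.` to the description. The same caveat fits the free-form `value` under the `metadata` items in the bindings, pubsub and states hunks, where `secretKeyRef` is the documented alternative.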
@@ -3620,14 +7792,19 @@ spec: format: int32 type: integer restartPolicy: + description: Restart policy for all containers within the + pod. One of 'OnFailure', 'Never'. Default to 'Never'. type: string scalingStrategy: + description: ScalingStrategy defines the strategy of Scaling properties: customScalingQueueLengthDeduction: format: int32 type: integer customScalingRunningJobPercentage: type: string + multipleScalersCalculation: + type: string pendingPodConditions: items: type: string 
@@ -3642,22 +7819,54 @@ spec: scaledObject: properties: advanced: + description: AdvancedConfig specifies advance scaling options properties: horizontalPodAutoscalerConfig: + description: HorizontalPodAutoscalerConfig specifies + horizontal scale config properties: behavior: + description: HorizontalPodAutoscalerBehavior configures + the scaling behavior of the target in both Up + and Down directions (scaleUp and scaleDown fields + respectively). properties: scaleDown: + description: scaleDown is scaling policy for + scaling Down. If not set, the default value + is to allow to scale down to minReplicas pods, + with a 300 second stabilization window (i.e., + the highest recommendation for the last 300sec + is used). properties: policies: + description: policies is a list of potential + scaling polices which can be used during + scaling. At least one policy must be specified, + otherwise the HPAScalingRules will be + discarded as invalid items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which the + policy should hold true. PeriodSeconds + must be greater than zero and less + than or equal to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the amount + of change which is permitted by + the policy. It must be greater than + zero format: int32 type: integer required: 
@@ -3666,23 +7875,63 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, + the default value Max is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which past + recommendations should be considered while + scaling up or scaling down. StabilizationWindowSeconds + must be greater than or equal to zero + and less than or equal to 3600 (one hour). + If not set, use the default values: - + For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object scaleUp: + description: 'scaleUp is scaling policy for + scaling Up. If not set, the default value + is the higher of: * increase no more than + 4 pods per 60 seconds * double the number + of pods per 60 seconds No stabilization is + used.' properties: policies: + description: policies is a list of potential + scaling polices which can be used during + scaling. At least one policy must be specified, + otherwise the HPAScalingRules will be + discarded as invalid items: + description: HPAScalingPolicy is a single + policy which must hold true for a specified + past interval. properties: periodSeconds: + description: PeriodSeconds specifies + the window of time for which the + policy should hold true. PeriodSeconds + must be greater than zero and less + than or equal to 1800 (30 min). format: int32 type: integer type: + description: Type is used to specify + the scaling policy. type: string value: + description: Value contains the amount + of change which is permitted by + the policy. It must be greater than + zero format: int32 type: integer required: 
@@ -3691,13 +7940,30 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic selectPolicy: + description: selectPolicy is used to specify + which policy should be used. If not set, + the default value Max is used. type: string stabilizationWindowSeconds: + description: 'StabilizationWindowSeconds + is the number of seconds for which past + recommendations should be considered while + scaling up or scaling down. StabilizationWindowSeconds + must be greater than or equal to zero + and less than or equal to 3600 (one hour). + If not set, use the default values: - + For scale up: 0 (i.e. no stabilization + is done). - For scale down: 300 (i.e. + the stabilization window is 300 seconds + long).' format: int32 type: integer type: object type: object + name: + type: string type: object restoreToOriginalReplicaCount: type: boolean 
@@ -3705,33 +7971,61 @@ spec: cooldownPeriod: format: int32 type: integer + fallback: + description: Fallback is the spec for fallback options + properties: + failureThreshold: + format: int32 + type: integer + replicas: + format: int32 + type: integer + required: + - failureThreshold + - replicas + type: object pollingInterval: format: int32 type: integer type: object triggers: + description: Triggers are used to specify the trigger sources + of the function. The Keda (ScaledObject, ScaledJob) configuration + in ScaleOptions cannot take effect without Triggers being + set. items: + description: ScaleTriggers reference the scaler that will + be used properties: authenticationRef: + description: ScaledObjectAuthRef points to the TriggerAuthentication + or ClusterTriggerAuthentication object that is used + to authenticate the scaler with the environment properties: kind: + description: Kind of the resource being referred to. + Defaults to TriggerAuthentication. type: string name: type: string required: - name type: object - fallback: - format: int32 - type: integer metadata: additionalProperties: type: string type: object + metricType: + description: MetricTargetType specifies the type of metric + being targeted, and should be either "Value", "AverageValue", + or "Utilization" + type: string name: type: string type: type: string + useCachedMetrics: + type: boolean required: - metadata - type @@ -3741,6 +8035,8 @@ spec: knative: additionalProperties: type: string + description: Refer to https://knative.dev/docs/serving/autoscaling/ + to learn more about the autoscaling options of Knative Serving. type: object maxReplicas: format: int32 @@ -3753,6 +8049,7 @@ spec: additionalProperties: properties: spec: + description: ComponentSpec is the spec for a component. properties: ignoreErrors: type: boolean 
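Review bot: The `fallback` object added under `scaledObject` in the `@@ -3705,33 +7971,61 @@` hunk requires `failureThreshold` and `replicas` but bounds neither, so negative numbers pass schema validation and are only caught, if at all, downstream. Adding `minimum: 0` to both properties would reject them at admission; confirm the intended lower bounds against the controller before settling on the value. This hunk and `@@ -3393,57 +7487,75 @@` also drop the integer `fallback` from the trigger items, so existing manifests that still set it will presumably have the field pruned or rejected depending on the field-validation mode, which is worth a line in the upgrade notes.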
@@ -3760,10 +8057,14 @@ spec: type: string metadata: items: + description: MetadataItem is a name/value pair for a metadata. properties: name: type: string secretKeyRef: + description: SecretKeyRef is a reference to a secret + holding the value for the metadata item. Name is the + secret name, and key is the field in the secret. properties: key: type: string @@ -3774,7 +8075,8 @@ spec: - name type: object value: - type: "" + description: DynamicValue is a dynamic value struct + for the component.metadata pair value. x-kubernetes-preserve-unknown-fields: true required: - name 
@@ -3790,29 +8092,79 @@ spec: - version type: object type: object + description: Configurations of dapr state components. It can refer to + an existing state when the `state.spec` is nil. type: object template: + description: Template describes the pods that will be created. The container + named `function` is the container which is used to run the image built + by the builder. If it is not set, the controller will automatically + add one. properties: activeDeadlineSeconds: + description: Optional duration in seconds the pod may be active + on the node relative to StartTime before the system will actively + try to mark it failed and kill associated containers. Value must + be a positive integer. format: int64 type: integer affinity: + description: If specified, the pod's scheduling constraints properties: nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + matches the corresponding matchExpressions; the node(s) + with the highest sum are the most preferred. items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). properties: preference: + description: A node selector term, associated with + the corresponding weight. 
properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array @@ -3822,13 +8174,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array 
@@ -3838,7 +8210,10 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. format: int32 type: integer required: @@ -3847,18 +8222,51 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its + node. properties: nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. + The TopologySelectorTerm type implements a subset + of the NodeSelectorTerm. properties: matchExpressions: + description: A list of node selector requirements + by node's labels. items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array 
@@ -3868,13 +8276,33 @@ spec: type: object type: array matchFields: + description: A list of node selector requirements + by node's fields. items: + description: A node selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: The label key that the selector + applies to. type: string operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string values: + description: An array of string values. + If the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values + array must be empty. If the operator is + Gt or Lt, the values array must have a + single element, which will be interpreted + as an integer. This array is replaced + during a strategic merge patch. items: type: string type: array 
@@ -3884,28 +8312,70 @@ spec: type: object type: array type: object + x-kubernetes-map-type: atomic type: array required: - nodeSelectorTerms type: object + x-kubernetes-map-type: atomic type: object podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements + of this field and adding "weight" to the sum if the node + has pods which matches the corresponding podAffinityTerm; + the node(s) with the highest sum are the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -3917,18 +8387,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -3940,18 +8444,42 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -3960,18 +8488,53 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not + be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, the + lists of nodes corresponding to each podAffinityTerm are + intersected, i.e. all terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -3983,18 +8546,49 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -4006,13 +8600,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -4020,22 +8634,64 @@ spec: type: array type: object podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling requirements + (resource request, requiredDuringScheduling anti-affinity + expressions, etc.), compute a sum by iterating through + the elements of this field and adding "weight" to the + sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) properties: podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array @@ -4047,18 +8703,52 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -4070,18 +8760,42 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified + namespaces, where co-located is defined as running + on a node whose value of the label with key + topologyKey matches that of any node on which + any of the selected pods is running. Empty topologyKey + is not allowed. type: string required: - topologyKey type: object weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. format: int32 type: integer required: 
@@ -4090,18 +8804,53 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met at + some point during pod execution (e.g. due to a pod label + update), the system may or may not try to eventually evict + the pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located is + defined as running on a node whose value of the label + with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: + description: A label query over a set of resources, + in this case pods. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -4113,18 +8862,49 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to + the union of the namespaces selected by this field + and the ones listed in the namespaces field. null + selector and null or empty namespaces list means + "this pod's namespace". An empty selector ({}) matches + all namespaces. properties: matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. items: + description: A label selector requirement is + a selector that contains values, a key, and + an operator that relates the key and values. properties: key: + description: key is the label key that the + selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If + the operator is Exists or DoesNotExist, + the values array must be empty. This array + is replaced during a strategic merge patch. items: type: string type: array 
@@ -4136,13 +8916,33 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". + The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic namespaces: + description: namespaces specifies a static list of + namespace names that the term applies to. The term + is applied to the union of the namespaces listed + in this field and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector + means "this pod's namespace". items: type: string type: array topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey matches + that of any node on which any of the selected pods + is running. Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -4151,124 +8951,270 @@ spec: type: object type: object automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service + account token should be automatically mounted. type: boolean containers: + description: List of containers belonging to the pod. Containers + cannot currently be added or removed. There must be at least one + container in a Pod. Cannot be updated. items: + description: A single application container that you want to run + within a pod. properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. More + info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded using + the container''s environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references will + never be expanded, regardless of whether the variable exists + or not. Cannot be updated. 
More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". 
type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. 
Values defined by an Env with + a duplicate key will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be + defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a + container is created. 
If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
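Review bot: Carrying full field descriptions makes this manifest much larger (the hunk `@@ -4151,124 +8951,270 @@` alone goes from 124 to 270 lines, and the new-side offsets are more than double the old ones), and a CRD of that size can exceed the 262144-byte limit on `metadata.annotations` when it is installed with client-side `kubectl apply`. If the file is produced by controller-gen, which the text suggests, consider capping description length with `crd:maxDescLen=<N>`, or document that the CRDs must be installed with `kubectl create` or `kubectl apply --server-side`. Much of the added text is upstream boilerplate such as `TODO: Add other useful fields. apiVersion, kind, uid?`, which is a further reason to trim. The schema continues outside this hunk, so the total size is inferred from the hunk headers only.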
@@ -4276,49 +9222,98 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called + if the container crashes or exits. The Pod''s termination + grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the Pod''s + termination grace period (unless delayed by finalizers). + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -4326,25 +9321,41 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -4352,37 +9363,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -4390,62 +9435,129 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in + a single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -4456,37 +9568,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the + probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -4494,47 +9640,111 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -4542,6 +9752,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -4550,101 +9762,261 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields of + SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be + set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that this + field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the + container. 
If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name + is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
Note that this field cannot be set + when spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored by + components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. + All of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed + until this completes successfully. If this probe fails, + the Pod will be restarted, just as if the livenessProbe + failed. This can be used to provide different probe parameters + at the beginning of a Pod''s lifecycle, when it might take + a long time to load data or warm a cache, than during steady-state + operation. This cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -4652,61 +10024,141 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, + reads from stdin in the container will always result in + EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. 
+ The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY + for itself, also requires 'stdin' to be true. Default is + false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to + be used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -4714,19 +10166,41 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. type: string required: - mountPath 
@@ -4734,152 +10208,329 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array dnsConfig: + description: Specifies the DNS parameters of a pod. Parameters specified + here will be merged to the generated DNS configuration based on + DNSPolicy. properties: nameservers: + description: A list of DNS name server IP addresses. This will + be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. items: type: string type: array options: + description: A list of DNS resolver options. This will be merged + with the base options generated from DNSPolicy. Duplicated + entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. items: + description: PodDNSConfigOption defines DNS resolver options + of a pod. properties: name: + description: Required. type: string value: type: string type: object type: array searches: + description: A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from + DNSPolicy. Duplicated search paths will be removed. items: type: string type: array type: object dnsPolicy: + description: Set DNS policy for the pod. Defaults to "ClusterFirst". + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' + or 'None'. DNS parameters given in DNSConfig will be merged with + the policy selected with DNSPolicy. To have DNS options set along + with hostNetwork, you have to specify DNS policy explicitly to + 'ClusterFirstWithHostNet'. type: string enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about + services should be injected into pod''s environment variables, + matching the syntax of Docker links. Optional: Defaults to true.' 
type: boolean ephemeralContainers: + description: List of ephemeral containers run in this pod. Ephemeral + containers may be run in an existing pod to perform user-initiated + actions such as debugging. This list cannot be specified when + creating a pod, and it cannot be modified by updating the pod + spec. In order to add an ephemeral container to an existing pod, + use the pod's ephemeralcontainers subresource. items: + description: "An EphemeralContainer is a temporary container that + you may add to an existing Pod for user-initiated activities + such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they + exit or when a Pod is removed or restarted. The kubelet may + evict a Pod if an ephemeral container causes the Pod to exceed + its resource allocation. \n To add an ephemeral container, use + the ephemeralcontainers subresource of an existing Pod. Ephemeral + containers may not be removed or restarted." properties: args: + description: 'Arguments to the entrypoint. The image''s CMD + is used if this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. If a variable + cannot be resolved, the reference in the input string will + be unchanged. Double $$ are reduced to a single $, which + allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the variable + exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The image''s ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container''s + environment. 
If a variable cannot be resolved, the reference + in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string literal + "$(VAR_NAME)". Escaped references will never be expanded, + regardless of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' 
type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be + defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. 
Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Lifecycle is not allowed for ephemeral containers. properties: postStart: + description: 'PostStart is called immediately after a + container is created. If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -4887,49 +10538,98 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called + if the container crashes or exits. The Pod''s termination + grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the Pod''s + termination grace period (unless delayed by finalizers). + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -4937,25 +10637,41 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -4963,37 +10679,69 @@ spec: type: object type: object livenessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5001,62 +10749,123 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the ephemeral container specified as + a DNS_LABEL. This name must be unique among all containers, + init containers and ephemeral containers. type: string ports: + description: Ports are not allowed for ephemeral containers. items: + description: ContainerPort represents a network port in + a single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -5067,37 +10876,69 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5105,47 +10946,112 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: Resources are not allowed for ephemeral containers. + Ephemeral containers use spare resources already allocated + to the pod. properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -5153,6 +11059,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -5161,101 +11069,254 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'Optional: SecurityContext defines the security + options the ephemeral container should be run with. If set, + the fields of SecurityContext override the equivalent fields + of PodSecurityContext.' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be + set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that this + field cannot be set when spec.os.name is windows. 
type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the + container. If unspecified, the container runtime will + allocate a random SELinux context for each container. 
May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name + is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is linux. 
properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored by + components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. + All of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: Probes are not allowed for ephemeral containers. properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. 
items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5263,63 +11324,151 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, + reads from stdin in the container will always result in + EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false type: boolean targetContainerName: + description: "If set, the name of the container from PodSpec + that this ephemeral container targets. The ephemeral container + will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container runtime must + implement support for this feature. 
If the runtime does + not support namespace targeting then the result of setting + this field is undefined." type: string terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. + The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY + for itself, also requires 'stdin' to be true. Default is + false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to + be used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -5327,19 +11476,42 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. type: string required: - mountPath 
@@ -5347,154 +11519,349 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array hostAliases: + description: HostAliases is an optional list of hosts and IPs that + will be injected into the pod's hosts file if specified. This + is only valid for non-hostNetwork pods. items: + description: HostAlias holds the mapping between IP and hostnames + that will be injected as an entry in the pod's hosts file. properties: hostnames: + description: Hostnames for the above IP address. items: type: string type: array ip: + description: IP address of the host file entry. type: string type: object type: array hostIPC: + description: 'Use the host''s ipc namespace. Optional: Default to + false.' type: boolean hostNetwork: + description: Host networking requested for this pod. Use the host's + network namespace. If this option is set, the ports that will + be used must be specified. Default to false. type: boolean hostPID: + description: 'Use the host''s pid namespace. Optional: Default to + false.' + type: boolean + hostUsers: + description: 'Use the host''s user namespace. Optional: Default + to true. If set to true or not present, the pod will be run in + the host user namespace, useful for when the pod needs a feature + only available to the host user namespace, such as loading a kernel + module with CAP_SYS_MODULE. When set to false, a new userns is + created for the pod. Setting false is useful for mitigating container + breakout vulnerabilities even allowing users to run their containers + as root without actually having root privileges on the host. This + field is alpha-level and is only honored by servers that enable + the UserNamespacesSupport feature.' 
type: boolean hostname: + description: Specifies the hostname of the Pod If not specified, + the pod's hostname will be set to a system-defined value. type: string imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references + to secrets in the same namespace to use for pulling any of the + images used by this PodSpec. If specified, these secrets will + be passed to individual puller implementations for them to use. + More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string type: object + x-kubernetes-map-type: atomic type: array initContainers: + description: 'List of initialization containers belonging to the + pod. Init containers are executed in order prior to containers + being started. If any init container fails, the pod is considered + to have failed and is handled according to its restartPolicy. + The name for an init container or normal container must be unique + among all containers. Init containers may not have Lifecycle actions, + Readiness probes, Liveness probes, or Startup probes. The resourceRequirements + of an init container are taken into account during scheduling + by finding the highest request/limit for each resource type, and + then using the max of of that value or the sum of the normal containers. + Limits are applied to init containers in a similar fashion. Init + containers cannot currently be added or removed. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' items: + description: A single application container that you want to run + within a pod. 
properties: args: + description: 'Arguments to the entrypoint. The container image''s + CMD is used if this is not provided. Variable references + $(VAR_NAME) are expanded using the container''s environment. + If a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of + whether the variable exists or not. Cannot be updated. More + info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array command: + description: 'Entrypoint array. Not executed within a shell. + The container image''s ENTRYPOINT is used if this is not + provided. Variable references $(VAR_NAME) are expanded using + the container''s environment. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for escaping + the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references will + never be expanded, regardless of whether the variable exists + or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array env: + description: List of environment variables to set in the container. + Cannot be updated. items: + description: EnvVar represents an environment variable present + in a Container. properties: name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. type: string value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. 
+ If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' type: string valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. properties: configMapKeyRef: + description: Selects a key of a ConfigMap. properties: key: + description: The key to select. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the ConfigMap or + its key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' 
properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic secretKeyRef: + description: Selects a key of a secret in the pod's + namespace properties: key: + description: The key of the secret to select + from. Must be a valid secret key. type: string name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: Specify whether the Secret or its + key must be defined type: boolean required: - key type: object + x-kubernetes-map-type: atomic type: object required: - name type: object type: array envFrom: + description: List of sources to populate environment variables + in the container. The keys defined within a source must + be a C_IDENTIFIER. All invalid keys will be reported as + an event when the container is starting. When a key exists + in multiple sources, the value associated with the last + source will take precedence. Values defined by an Env with + a duplicate key will take precedence. Cannot be updated. items: + description: EnvFromSource represents the source of a set + of ConfigMaps properties: configMapRef: + description: The ConfigMap to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' 
type: string optional: + description: Specify whether the ConfigMap must + be defined type: boolean type: object + x-kubernetes-map-type: atomic prefix: + description: An optional identifier to prepend to each + key in the ConfigMap. Must be a C_IDENTIFIER. type: string secretRef: + description: The Secret to select from properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string optional: + description: Specify whether the Secret must be + defined type: boolean type: object + x-kubernetes-map-type: atomic type: object type: array image: + description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management + to default or override container images in workload controllers + like Deployments and StatefulSets.' type: string imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent + otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' type: string lifecycle: + description: Actions that the management system should take + in response to container lifecycle events. Cannot be updated. properties: postStart: + description: 'PostStart is called immediately after a + container is created. If the handler fails, the container + is terminated and restarted according to its restart + policy. Other management of the container blocks until + the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5502,49 +11869,98 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object type: object preStop: + description: 'PreStop is called immediately before a container + is terminated due to an API request or management event + such as liveness/startup probe failure, preemption, + resource contention, etc. The handler is not called + if the container crashes or exits. The Pod''s termination + grace period countdown begins before the PreStop hook + is executed. Regardless of the outcome of the handler, + the container will eventually terminate within the Pod''s + termination grace period (unless delayed by finalizers). + Other management of the container blocks until the hook + completes or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: + description: Exec specifies the action to take. 
properties: command: + description: Command is the command line to execute + inside the container, the working directory + for the command is root ('/') in the container's + filesystem. The command is simply exec'd, it + is not run inside a shell, so traditional shell + instructions ('|', etc) won't work. To use a + shell, you need to explicitly call out to that + shell. Exit status of 0 is treated as live/healthy + and non-zero is unhealthy. items: type: string type: array type: object httpGet: + description: HTTPGet specifies the http request to + perform. properties: host: + description: Host name to connect to, defaults + to the pod IP. You probably want to set "Host" + in httpHeaders instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5552,25 +11968,41 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the + host. Defaults to HTTP. type: string required: - port type: object tcpSocket: + description: Deprecated. TCPSocket is NOT supported + as a LifecycleHandler and kept for the backward + compatibility. There are no validation of this field + and lifecycle hooks will fail in runtime when tcp + handler is specified. properties: host: + description: 'Optional: Host name to connect to, + defaults to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range + 1 to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port 
@@ -5578,37 +12010,71 @@ spec: type: object type: object livenessProbe: + description: 'Periodic probe of container liveness. Container + will be restarted if the probe fails. Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5616,62 +12082,129 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object name: + description: Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. type: string ports: + description: List of ports to expose from the container. Not + specifying a port here DOES NOT prevent that port from being + exposed. Any port which is listening on the default "0.0.0.0" + address inside a container will be accessible from the network. + Modifying this array with strategic merge patch may corrupt + the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. items: + description: ContainerPort represents a network port in + a single container. properties: containerPort: + description: Number of port to expose on the pod's IP + address. This must be a valid port number, 0 < x < + 65536. format: int32 type: integer hostIP: + description: What host IP to bind the external port + to. type: string hostPort: + description: Number of port to expose on the host. If + specified, this must be a valid port number, 0 < x + < 65536. If HostNetwork is specified, this must match + ContainerPort. Most containers do not need this. 
format: int32 type: integer name: + description: If specified, this must be an IANA_SVC_NAME + and unique within the pod. Each named port in a pod + must have a unique name. Name for the port that can + be referred to by services. type: string protocol: default: TCP + description: Protocol for port. Must be UDP, TCP, or + SCTP. Defaults to "TCP". type: string required: - containerPort 
@@ -5682,37 +12215,71 @@ spec: - protocol x-kubernetes-list-type: map readinessProbe: + description: 'Periodic probe of container service readiness. + Container will be removed from service endpoints if the + probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. 
items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5720,47 +12287,111 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object resources: + description: 'Compute Resources required by this container. + Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where this + field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -5768,6 +12399,8 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -5776,101 +12409,261 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: + description: 'SecurityContext defines the security options + the container should be run with. If set, the fields of + SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent process. + This bool directly controls if the no_new_privs flag + will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be + set when spec.os.name is windows.' type: boolean capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: + description: Added capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array drop: + description: Removed capabilities items: + description: Capability represent POSIX capabilities + type type: string type: array type: object privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. 
Note that this + field cannot be set when spec.os.name is windows. type: boolean procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. type: string readOnlyRootFilesystem: + description: Whether this container has a read-only root + filesystem. Default is false. Note that this field cannot + be set when spec.os.name is windows. type: boolean runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if it + does. If unset or false, no such validation will be + performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to the + container. 
If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies + to the container. type: string role: + description: Role is a SELinux role label that applies + to the container. type: string type: + description: Type is a SELinux type label that applies + to the container. type: string user: + description: User is a SELinux user label that applies + to the container. type: string type: object seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & container + level, the container options override the pod options. + Note that this field cannot be set when spec.os.name + is windows. properties: localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. The + profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's + configured seccomp profile location. Must only be + set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp + profile will be applied. Valid options are: \n Localhost + - a profile defined in a file on the node should + be used. RuntimeDefault - the container runtime + default profile should be used. Unconfined - no + profile should be applied." type: string required: - type type: object windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. 
Note that this field cannot be set + when spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of + the GMSA credential spec to use. type: string hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored by + components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. + All of a Pod's containers must have the same effective + HostProcess value (it is not allowed to have a mix + of HostProcess containers and non-HostProcess containers). In + addition, if HostProcess is true then HostNetwork + must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set + in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. type: string type: object type: object startupProbe: + description: 'StartupProbe indicates that the Pod has successfully + initialized. If specified, no other probes are executed + until this completes successfully. If this probe fails, + the Pod will be restarted, just as if the livenessProbe + failed. This can be used to provide different probe parameters + at the beginning of a Pod''s lifecycle, when it might take + a long time to load data or warm a cache, than during steady-state + operation. This cannot be updated. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: + description: Exec specifies the action to take. properties: command: + description: Command is the command line to execute + inside the container, the working directory for + the command is root ('/') in the container's filesystem. + The command is simply exec'd, it is not run inside + a shell, so traditional shell instructions ('|', + etc) won't work. To use a shell, you need to explicitly + call out to that shell. Exit status of 0 is treated + as live/healthy and non-zero is unhealthy. items: type: string type: array type: object failureThreshold: + description: Minimum consecutive failures for the probe + to be considered failed after having succeeded. Defaults + to 3. Minimum value is 1. format: int32 type: integer grpc: + description: GRPC specifies an action involving a GRPC + port. This is a beta field and requires enabling GRPCContainerProbe + feature gate. properties: port: + description: Port number of the gRPC service. Number + must be in the range 1 to 65535. format: int32 type: integer service: + description: "Service is the name of the service to + place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default behavior + is defined by gRPC." type: string required: - port type: object httpGet: + description: HTTPGet specifies the http request to perform. properties: host: + description: Host name to connect to, defaults to + the pod IP. You probably want to set "Host" in httpHeaders + instead. type: string httpHeaders: + description: Custom headers to set in the request. + HTTP allows repeated headers. items: + description: HTTPHeader describes a custom header + to be used in HTTP probes properties: name: + description: The header field name type: string value: + description: The header field value type: string required: - name 
@@ -5878,61 +12671,141 @@ spec: type: object type: array path: + description: Path to access on the HTTP server. type: string port: anyOf: - type: integer - type: string + description: Name or number of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true scheme: + description: Scheme to use for connecting to the host. + Defaults to HTTP. type: string required: - port type: object initialDelaySeconds: + description: 'Number of seconds after the container has + started before liveness probes are initiated. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer periodSeconds: + description: How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. format: int32 type: integer successThreshold: + description: Minimum consecutive successes for the probe + to be considered successful after having failed. Defaults + to 1. Must be 1 for liveness and startup. Minimum value + is 1. format: int32 type: integer tcpSocket: + description: TCPSocket specifies an action involving a + TCP port. properties: host: + description: 'Optional: Host name to connect to, defaults + to the pod IP.' type: string port: anyOf: - type: integer - type: string + description: Number or name of the port to access + on the container. Number must be in the range 1 + to 65535. Name must be an IANA_SVC_NAME. x-kubernetes-int-or-string: true required: - port type: object terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs + to terminate gracefully upon probe failure. The grace + period is the duration in seconds after the processes + running in the pod are sent a termination signal and + the time when the processes are forcibly halted with + a kill signal. Set this value longer than the expected + cleanup time for your process. 
If this value is nil, + the pod's terminationGracePeriodSeconds will be used. + Otherwise, this value overrides the value provided by + the pod spec. Value must be non-negative integer. The + value zero indicates stop immediately via the kill signal + (no opportunity to shut down). This is a beta field + and requires enabling ProbeTerminationGracePeriod feature + gate. Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. format: int64 type: integer timeoutSeconds: + description: 'Number of seconds after which the probe + times out. Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' format: int32 type: integer type: object stdin: + description: Whether this container should allocate a buffer + for stdin in the container runtime. If this is not set, + reads from stdin in the container will always result in + EOF. Default is false. type: boolean stdinOnce: + description: Whether the container runtime should close the + stdin channel after it has been opened by a single attach. + When stdin is true the stdin stream will remain open across + multiple attach sessions. If stdinOnce is set to true, stdin + is opened on container start, is empty until the first client + attaches to stdin, and then remains open and accepts data + until the client disconnects, at which time stdin is closed + and remains closed until the container is restarted. If + this flag is false, a container processes that reads from + stdin will never receive an EOF. Default is false type: boolean terminationMessagePath: + description: 'Optional: Path at which the file to which the + container''s termination message will be written is mounted + into the container''s filesystem. Message written is intended + to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. 
+ The total message length across all containers will be limited + to 12kb. Defaults to /dev/termination-log. Cannot be updated.' type: string terminationMessagePolicy: + description: Indicate how the termination message should be + populated. File will use the contents of terminationMessagePath + to populate the container status message on both success + and failure. FallbackToLogsOnError will use the last chunk + of container log output if the termination message file + is empty and the container exited with an error. The log + output is limited to 2048 bytes or 80 lines, whichever is + smaller. Defaults to File. Cannot be updated. type: string tty: + description: Whether this container should allocate a TTY + for itself, also requires 'stdin' to be true. Default is + false. type: boolean volumeDevices: + description: volumeDevices is the list of block devices to + be used by the container. items: + description: volumeDevice describes a mapping of a raw block + device within a container. properties: devicePath: + description: devicePath is the path inside of the container + that the device will be mapped to. type: string name: + description: name must match the name of a persistentVolumeClaim + in the pod type: string required: - devicePath 
@@ -5940,19 +12813,41 @@ spec: type: object type: array volumeMounts: + description: Pod volumes to mount into the container's filesystem. + Cannot be updated. items: + description: VolumeMount describes a mounting of a Volume + within a container. properties: mountPath: + description: Path within the container at which the + volume should be mounted. Must not contain ':'. type: string mountPropagation: + description: mountPropagation determines how mounts + are propagated from the host to container and the + other way around. When not set, MountPropagationNone + is used. This field is beta in 1.10. type: string name: + description: This must match the Name of a Volume. type: string readOnly: + description: Mounted read-only if true, read-write otherwise + (false or unspecified). Defaults to false. type: boolean subPath: + description: Path within the volume from which the container's + volume should be mounted. Defaults to "" (volume's + root). type: string subPathExpr: + description: Expanded path within the volume from which + the container's volume should be mounted. Behaves + similarly to SubPath but environment variable references + $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). SubPathExpr and SubPath + are mutually exclusive. type: string required: - mountPath 
@@ -5960,21 +12855,50 @@ spec: type: object type: array workingDir: + description: Container's working directory. If not specified, + the container runtime's default will be used, which might + be configured in the container image. Cannot be updated. type: string required: - name type: object type: array nodeName: + description: NodeName is a request to schedule this pod onto a specific + node. If it is non-empty, the scheduler simply schedules this + pod onto that node, assuming that it fits resource requirements. type: string nodeSelector: additionalProperties: type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object x-kubernetes-map-type: atomic os: + description: "Specifies the OS of the containers in the pod. Some + pod and container fields are restricted if this is set. 
\n If + the OS field is set to linux, the following fields must be unset: + -securityContext.windowsOptions \n If the OS field is set to windows, + following fields must be unset: - spec.hostPID - spec.hostIPC + - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile + - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy + - spec.securityContext.sysctls - spec.shareProcessNamespace - + spec.securityContext.runAsUser - spec.securityContext.runAsGroup + - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem - + spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup" properties: name: + description: 'Name is the name of the operating system. The + currently supported values are linux and windows. Additional + value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values and treat + unrecognized values in this field as os: null' type: string required: - name 
@@ -5986,75 +12910,271 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Overhead represents the resource overhead associated + with running a pod for a given RuntimeClass. This field will be + autopopulated at admission time by the RuntimeClass admission + controller. If the RuntimeClass admission controller is enabled, + overhead must not be set in Pod create requests. The RuntimeClass + admission controller will reject Pod create requests which have + the overhead already set. If RuntimeClass is configured and selected + in the PodSpec, Overhead will be set to the value defined in the + corresponding RuntimeClass, otherwise it will remain unset and + treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: + description: PreemptionPolicy is the Policy for preempting pods + with lower priority. One of Never, PreemptLowerPriority. Defaults + to PreemptLowerPriority if unset. type: string priority: + description: The priority value. Various system components use this + field to find the priority of the pod. When Priority Admission + Controller is enabled, it prevents users from setting this field. + The admission controller populates this field from PriorityClassName. + The higher the value, the higher the priority. format: int32 type: integer priorityClassName: + description: If specified, indicates the pod's priority. "system-node-critical" + and "system-cluster-critical" are two special keywords which indicate + the highest priorities with the former being the highest priority. + Any other name must be defined by creating a PriorityClass object + with that name. If not specified, the pod priority will be default + or zero if there is no default. 
type: string readinessGates: + description: 'If specified, all readiness gates will be evaluated + for pod readiness. A pod is ready when all its containers are + ready AND all conditions specified in the readiness gates have + status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: + description: PodReadinessGate contains the reference to a pod + condition properties: conditionType: + description: ConditionType refers to a condition in the pod's + condition list with matching type. type: string required: - conditionType type: object type: array + resourceClaims: + description: "ResourceClaims defines which ResourceClaims must be + allocated and reserved before the Pod is allowed to start. The + resources will be made available to those containers which consume + them by name. \n This is an alpha field and requires enabling + the DynamicResourceAllocation feature gate. \n This field is immutable." + items: + description: PodResourceClaim references exactly one ResourceClaim + through a ClaimSource. It adds a name to it that uniquely identifies + the ResourceClaim inside the Pod. Containers that need access + to the ResourceClaim reference it with this name. + properties: + name: + description: Name uniquely identifies this resource claim + inside the pod. This must be a DNS_LABEL. + type: string + source: + description: Source describes where to find the ResourceClaim. + properties: + resourceClaimName: + description: ResourceClaimName is the name of a ResourceClaim + object in the same namespace as this pod. + type: string + resourceClaimTemplateName: + description: "ResourceClaimTemplateName is the name of + a ResourceClaimTemplate object in the same namespace + as this pod. \n The template will be used to create + a new ResourceClaim, which will be bound to this pod. + When this pod is deleted, the ResourceClaim will also + be deleted. 
The name of the ResourceClaim will be -, where is the + PodResourceClaim.Name. Pod validation will reject the + pod if the concatenated name is not valid for a ResourceClaim + (e.g. too long). \n An existing ResourceClaim with that + name that is not owned by the pod will not be used for + the pod to avoid using an unrelated resource by mistake. + Scheduling and pod startup are then blocked until the + unrelated ResourceClaim is removed. \n This field is + immutable and no changes will be made to the corresponding + ResourceClaim by the control plane after creating the + ResourceClaim." + type: string + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map restartPolicy: + description: 'Restart policy for all containers within the pod. + One of Always, OnFailure, Never. Default to Always. More info: + https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' type: string runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object in + the node.k8s.io group, which should be used to run this pod. If + no RuntimeClass resource matches the named class, the pod will + not be run. If unset or empty, the "legacy" RuntimeClass will + be used, which is an implicit class with an empty definition that + uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: + description: If specified, the pod will be dispatched by specified + scheduler. If not specified, the pod will be dispatched by default + scheduler. type: string + schedulingGates: + description: "SchedulingGates is an opaque list of values that if + specified will block scheduling the pod. More info: https://git.k8s.io/enhancements/keps/sig-scheduling/3521-pod-scheduling-readiness. + \n This is an alpha-level feature enabled by PodSchedulingReadiness + feature gate." 
+ items: + description: PodSchedulingGate is associated to a Pod to guard + its scheduling. + properties: + name: + description: Name of the scheduling gate. Each scheduling + gate must have a unique name field. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map securityContext: + description: 'SecurityContext holds pod-level security attributes + and common container settings. Optional: Defaults to empty. See + type description for default values of each field.' properties: fsGroup: + description: "A special supplemental group that applies to all + containers in a pod. Some volume types allow the Kubelet to + change the ownership of that volume to be owned by the pod: + \n 1. The owning GID will be the FSGroup 2. The setgid bit + is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- \n If unset, + the Kubelet will not modify the ownership and permissions + of any volume. Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of changing + ownership and permission of the volume before being exposed + inside Pod. This field will only apply to volume types which + support fsGroup based ownership(and permissions). It will + have no effect on ephemeral volume types such as: secret, + configmaps and emptydir. Valid values are "OnRootMismatch" + and "Always". If not specified, "Always" is used. Note that + this field cannot be set when spec.os.name is windows.' type: string runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be set in + SecurityContext. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence for + that container. 
Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer runAsNonRoot: + description: Indicates that the container must run as a non-root + user. If true, the Kubelet will validate the image at runtime + to ensure that it does not run as UID 0 (root) and fail to + start the container if it does. If unset or false, no such + validation will be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. type: boolean runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this field + cannot be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: + description: The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random + SELinux context for each container. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. properties: level: + description: Level is SELinux level label that applies to + the container. type: string role: + description: Role is a SELinux role label that applies to + the container. type: string type: + description: Type is a SELinux type label that applies to + the container. type: string user: + description: User is a SELinux user label that applies to + the container. type: string type: object seccompProfile: + description: The seccomp options to use by the containers in + this pod. Note that this field cannot be set when spec.os.name + is windows. 
properties: localhostProfile: + description: localhostProfile indicates a profile defined + in a file on the node should be used. The profile must + be preconfigured on the node to work. Must be a descending + path, relative to the kubelet's configured seccomp profile + location. Must only be set if type is "Localhost". type: string type: + description: "type indicates which kind of seccomp profile + will be applied. Valid options are: \n Localhost - a profile + defined in a file on the node should be used. RuntimeDefault + - the container runtime default profile should be used. + Unconfined - no profile should be applied." type: string required: - type type: object supplementalGroups: + description: A list of groups applied to the first process run + in each container, in addition to the container's primary + GID, the fsGroup (if specified), and group memberships defined + in the container image for the uid of the container process. + If unspecified, no additional groups are added to any container. + Note that group memberships defined in the container image + for the uid of the container process are still effective, + even if they are not included in this list. Note that this + field cannot be set when spec.os.name is windows. items: format: int64 type: integer type: array sysctls: + description: Sysctls hold a list of namespaced sysctls used + for the pod. Pods with unsupported sysctls (by the container + runtime) might fail to launch. Note that this field cannot + be set when spec.os.name is windows. items: + description: Sysctl defines a kernel parameter to be set properties: name: + description: Name of a property to set type: string value: + description: Value of a property to set type: string required: - name 
@@ -6062,59 +13182,165 @@ spec: type: object type: array windowsOptions: + description: The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext + will be used. If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is linux. properties: gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA admission + webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec named + by the GMSACredentialSpecName field. type: string gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name of the GMSA + credential spec to use. type: string hostProcess: + description: HostProcess determines if a container should + be run as a 'Host Process' container. This field is alpha-level + and will only be honored by components that enable the + WindowsHostProcessContainers feature flag. Setting this + field without the feature flag will result in errors when + validating the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true then + HostNetwork must also be set to true. type: boolean runAsUserName: + description: The UserName in Windows to run the entrypoint + of the container process. Defaults to the user specified + in image metadata if unspecified. May also be set in PodSecurityContext. + If set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. type: string type: object type: object serviceAccount: + description: 'DeprecatedServiceAccount is a depreciated alias for + ServiceAccountName. Deprecated: Use serviceAccountName instead.' 
type: string serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount + to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' type: string setHostnameAsFQDN: + description: If true the pod's hostname will be configured as the + pod's FQDN, rather than the leaf name (the default). In Linux + containers, this means setting the FQDN in the hostname field + of the kernel (the nodename field of struct utsname). In Windows + containers, this means setting the registry value of hostname + for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters + to FQDN. If a pod does not have FQDN, this has no effect. Default + to false. type: boolean shareProcessNamespace: + description: 'Share a single process namespace between all of the + containers in a pod. When this is set containers will be able + to view and signal processes from other containers in the same + pod, and the first process in each container will not be assigned + PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: + Default to false.' type: boolean subdomain: + description: If specified, the fully qualified Pod hostname will + be "...svc.". + If not specified, the pod will not have a domainname at all. type: string terminationGracePeriodSeconds: + description: Optional duration in seconds the pod needs to terminate + gracefully. May be decreased in delete request. Value must be + non-negative integer. The value zero indicates stop immediately + via the kill signal (no opportunity to shut down). If this value + is nil, the default grace period will be used instead. The grace + period is the duration in seconds after the processes running + in the pod are sent a termination signal and the time when the + processes are forcibly halted with a kill signal. Set this value + longer than the expected cleanup time for your process. Defaults + to 30 seconds. 
format: int64 type: integer tolerations: + description: If specified, the pod's tolerations. items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using the + matching operator . properties: effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. type: string operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to + Equal. Exists is equivalent to wildcard for value, so that + a pod can tolerate all taints of a particular category. type: string tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do + not evict). Zero and negative values will be treated as + 0 (evict immediately) by the system. format: int64 type: integer value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string type: object type: array topologySpreadConstraints: + description: TopologySpreadConstraints describes how a group of + pods ought to spread across topology domains. Scheduler will schedule + pods in a way which abides by the constraints. All topologySpreadConstraints + are ANDed. items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. properties: labelSelector: + description: LabelSelector is used to find matching pods. 
+ Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. properties: matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. properties: key: + description: key is the label key that the selector + applies to. type: string operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. items: type: string type: array 
@@ -6126,14 +13352,123 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to + select the pods over which spreading will be calculated. + The keys are used to lookup values from the incoming pod + labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading + will be calculated for the incoming pod. Keys that don't + exist in the incoming pod labels will be ignored. A null + or empty list means only match against labelSelector. + items: + type: string + type: array + x-kubernetes-list-type: atomic maxSkew: + description: 'MaxSkew describes the degree to which pods may + be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods + in an eligible domain or zero if the number of eligible + domains is less than MinDomains. For example, in a 3-zone + cluster, MaxSkew is set to 1, and pods with the same labelSelector + spread as 2/2/1: In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | | P P | P P | P | - if + MaxSkew is 1, incoming pod can only be scheduled to zone3 + to become 2/2/2; scheduling it onto zone1(zone2) would make + the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any + zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used + to give higher precedence to topologies that satisfy it. + It''s a required field. 
Default value is 1 and 0 is not + allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible + domains. When the number of eligible domains with matching + topology keys is less than minDomains, Pod Topology Spread + treats \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of eligible domains + with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. As a result, when + the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those + domains. If value is nil, the constraint behaves as if MinDomains + is equal to 1. Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + \n For example, in a 3-zone cluster, MaxSkew is set to 2, + MinDomains is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P + P | P P | The number of domains is less than 5(MinDomains), + so \"global minimum\" is treated as 0. In this situation, + new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled + to any of the three zones, it will violate MaxSkew. \n This + is a beta field and requires the MinDomainsInPodTopologySpread + feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat + Pod's nodeAffinity/nodeSelector when calculating pod topology + spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector + are included in the calculations. - Ignore: nodeAffinity/nodeSelector + are ignored. All nodes are included in the calculations. + \n If this value is nil, the behavior is equivalent to the + Honor policy. 
This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat + node taints when calculating pod topology spread skew. Options + are: - Honor: nodes without taints, along with tainted nodes + for which the incoming pod has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + \n If this value is nil, the behavior is equivalent to the + Ignore policy. This is a beta-level feature default enabled + by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible domain + as a domain whose nodes meet the requirements of nodeAffinityPolicy + and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, if TopologyKey + is "topology.kubernetes.io/zone", each zone is a domain + of that topology. It's a required field. type: string whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule + (default) tells the scheduler not to schedule it. - ScheduleAnyway + tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help + reduce the skew. A constraint is considered "Unsatisfiable" + for an incoming pod if and only if every possible node assignment + for that pod would violate "MaxSkew" on some topology. 
For + example, in a 3-zone cluster, MaxSkew is set to 1, and pods + with the same labelSelector spread as 3/1/1: | zone1 | zone2 + | zone3 | | P P P | P | P | If WhenUnsatisfiable + is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) + on zone2(zone3) satisfies MaxSkew(1). In other words, the + cluster can still be imbalanced, but scheduler won''t make + it *more* imbalanced. It''s a required field.' type: string required: - maxSkew 
@@ -6146,104 +13481,229 @@ spec: - whenUnsatisfiable x-kubernetes-list-type: map volumes: + description: 'List of volumes that can be mounted by containers + belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' items: + description: Volume represents a named volume in a pod that may + be accessed by any container in the pod. properties: awsElasticBlockStore: + description: 'awsElasticBlockStore represents an AWS Disk + resource that is attached to a kubelet''s host machine and + then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty).' format: int32 type: integer readOnly: + description: 'readOnly value true will force the readOnly + setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: + description: 'volumeID is unique ID of the persistent + disk resource in AWS (Amazon EBS volume). More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: + description: azureDisk represents an Azure Data Disk mount + on the host and bind mount to the pod. 
properties: cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' type: string diskName: + description: diskName is the Name of the data disk in + the blob storage type: string diskURI: + description: diskURI is the URI of data disk in the blob + storage type: string fsType: + description: fsType is Filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to + shared' type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean required: - diskName - diskURI type: object azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. properties: readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
type: boolean secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key type: string shareName: + description: shareName is the azure share Name type: string required: - secretName - shareName type: object cephfs: + description: cephFS represents a Ceph FS mount on the host + that shares a pod's lifetime properties: monitors: + description: 'monitors is Required: Monitors is a collection + of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' type: string readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: + description: 'secretFile is Optional: SecretFile is the + path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: + description: 'secretRef is Optional: SecretRef is reference + to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is optional: User is the rados user + name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: + description: 'cinder represents a cinder volume attached and + mounted on kubelets host machine. 
More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Examples: "ext4", "xfs", "ntfs". Implicitly + inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: + description: 'secretRef is optional: points to a secret + object containing parameters used to connect to OpenStack.' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeID: + description: 'volumeID used to identify the volume in + cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: + description: configMap represents a configMap that should + populate this volume properties: defaultMode: + description: 'defaultMode is optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' 
format: int32 type: integer items: + description: items if unspecified, each key-value pair + in the Data field of the referenced ConfigMap will be + projected into the volume as a file whose name is the + key and content is the value. If specified, the listed + keys will be projected into the specified paths, and + unlisted keys will not be present. If a key is specified + which is not present in the ConfigMap, the volume setup + will error unless it is marked optional. Paths must + be relative and may not contain the '..' path or start + with '..'. items: + description: Maps a string key to a path within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the file + to map the key to. May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. type: string required: - key 
@@ -6251,121 +13711,368 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' type: string optional: + description: optional specify whether the ConfigMap or + its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external CSI + drivers (Beta feature). properties: driver: + description: driver is the name of the CSI driver that + handles this volume. Consult with your admin for the + correct name as registered in the cluster. type: string fsType: + description: fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated + CSI driver which will determine the default filesystem + to apply. type: string nodePublishSecretRef: + description: nodePublishSecretRef is a reference to the + secret object containing sensitive information to pass + to the CSI driver to complete the CSI NodePublishVolume + and NodeUnpublishVolume calls. This field is optional, + and may be empty if no secret is required. If the secret + object contains more than one secret, all secret references + are passed. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic readOnly: + description: readOnly specifies a read-only configuration + for the volume. Defaults to false (read/write). type: boolean volumeAttributes: additionalProperties: type: string + description: volumeAttributes stores driver-specific properties + that are passed to the CSI driver. Consult your driver's + documentation for supported values. 
type: object required: - driver type: object downwardAPI: + description: downwardAPI represents downward API about the + pod that should populate this volume properties: defaultMode: + description: 'Optional: mode bits to use on created files + by default. Must be a Optional: mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Defaults to 0644. Directories within the path are not + affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer items: + description: Items is a list of downward API volume file items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field properties: fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' properties: apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". type: string fieldPath: + description: Path of the field to select in + the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used to set permissions + on this file, must be an octal value between 0000 + and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON + requires decimal values for mode bits. If not + specified, the volume defaultMode will be used. + This might be in conflict with other options that + affect the file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: + description: 'Required: Path is the relative path + name of the file to be created. 
Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, requests.cpu and requests.memory) + are currently supported.' properties: containerName: + description: 'Container name: required for volumes, + optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object emptyDir: + description: 'emptyDir represents a temporary directory that + shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: + description: 'medium represents what type of storage medium + should back this directory. The default is "" which + means to use the node''s default medium. Must be an + empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string + description: 'sizeLimit is the total amount of local storage + required for this EmptyDir volume. The size limit is + also applicable for memory medium. The maximum usage + on memory medium EmptyDir would be the minimum value + between the SizeLimit specified here and the sum of + memory limits of all containers in a pod. The default + is nil which means that the limit is undefined. 
More + info: http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: + description: "ephemeral represents a volume that is handled + by a cluster storage driver. The volume's lifecycle is tied + to the pod that defines it - it will be created before the + pod starts, and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot + or capacity tracking are needed, c) the storage driver is + specified through a storage class, and d) the storage driver + supports dynamic volume provisioning through a PersistentVolumeClaim + (see EphemeralVolumeSource for more information on the connection + between this volume type and PersistentVolumeClaim). \n + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. \n Use CSI for light-weight local + ephemeral volumes if the CSI driver is meant to be used + that way - see the documentation of the driver for more + information. \n A pod can use both types of ephemeral volumes + and persistent volumes at the same time." properties: volumeClaimTemplate: + description: "Will be used to create a stand-alone PVC + to provision the volume. The pod in which this EphemeralVolumeSource + is embedded will be the owner of the PVC, i.e. the PVC + will be deleted together with the pod. The name of + the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated + name is not valid for a PVC (for example, too long). + \n An existing PVC with that name that is not owned + by the pod will *not* be used for the pod to avoid using + an unrelated volume by mistake. 
Starting the pod is + then blocked until the unrelated PVC is removed. If + such a pre-created PVC is meant to be used by the pod, + the PVC has to updated with an owner reference to the + pod once the pod exists. Normally this should not be + necessary, but it may be useful when manually reconstructing + a broken cluster. \n This field is read-only and no + changes will be made by Kubernetes to the PVC after + it has been created. \n Required, must not be nil." properties: metadata: + description: May contain labels and annotations that + will be copied into the PVC when creating it. No + other fields are allowed and will be rejected during + validation. type: object spec: + description: The specification for the PersistentVolumeClaim. + The entire content is copied unchanged into the + PVC that gets created from this template. The same + fields as in a PersistentVolumeClaim are also valid + here. properties: accessModes: + description: 'accessModes contains the desired + access modes the volume should have. More info: + https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: + description: 'dataSource field can be used to + specify either: * An existing VolumeSnapshot + object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) If + the provisioner or an external controller can + support the specified data source, it will create + a new volume based on the contents of the specified + data source. When the AnyVolumeDataSource feature + gate is enabled, dataSource contents will be + copied to dataSourceRef, and dataSourceRef contents + will be copied to dataSource when dataSourceRef.namespace + is not specified. If the namespace is specified, + then dataSourceRef will not be copied to dataSource.' properties: apiGroup: + description: APIGroup is the group for the + resource being referenced. 
If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced type: string required: - kind - name type: object + x-kubernetes-map-type: atomic dataSourceRef: + description: 'dataSourceRef specifies the object + from which to populate the volume with data, + if a non-empty volume is desired. This may be + any object from a non-empty API group (non core + object) or a PersistentVolumeClaim object. When + this field is specified, volume binding will + only succeed if the type of the specified object + matches some installed volume populator or dynamic + provisioner. This field will replace the functionality + of the dataSource field and as such if both + fields are non-empty, they must have the same + value. For backwards compatibility, when namespace + isn''t specified in dataSourceRef, both fields + (dataSource and dataSourceRef) will be set to + the same value automatically if one of them + is empty and the other is non-empty. When namespace + is specified in dataSourceRef, dataSource isn''t + set to the same value and must be empty. There + are three important differences between dataSource + and dataSourceRef: * While dataSource only allows + two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim + objects. * While dataSource ignores disallowed + values (dropping them), dataSourceRef preserves + all values, and generates an error if a disallowed + value is specified. * While dataSource only + allows local objects, dataSourceRef allows objects + in any namespaces. (Beta) Using this field requires + the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef + requires the CrossNamespaceVolumeDataSource + feature gate to be enabled.' properties: apiGroup: + description: APIGroup is the group for the + resource being referenced. If APIGroup is + not specified, the specified Kind must be + in the core API group. For any other third-party + types, APIGroup is required. type: string kind: + description: Kind is the type of resource + being referenced type: string name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: Namespace is the namespace of + resource being referenced Note that when + a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant + object is required in the referent namespace + to allow that namespace's owner to accept + the reference. See the ReferenceGrant documentation + for details. (Alpha) This field requires + the CrossNamespaceVolumeDataSource feature + gate to be enabled. type: string required: - kind - name type: object resources: + description: 'resources represents the minimum + resources the volume should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed to specify + resource requirements that are lower than previous + value but must still be higher than capacity + recorded in the status field of the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: + claims: + description: "Claims lists the names of resources, + defined in spec.resourceClaims, that are + used by this container. \n This is an alpha + field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name + of one entry in pod.spec.resourceClaims + of the Pod where this field is used. + It makes that resource available inside + a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -6373,6 +14080,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Limits describes the maximum + amount of compute resources allowed. More + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: 
@@ -6381,18 +14091,46 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true + description: 'Requests describes the minimum + amount of compute resources required. If + Requests is omitted for a container, it + defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: + description: selector is a label query over volumes + to consider for binding. properties: matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. items: + description: A label selector requirement + is a selector that contains values, a + key, and an operator that relates the + key and values. properties: key: + description: key is the label key that + the selector applies to. type: string operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. type: string values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -6404,13 +14142,28 @@ spec: matchLabels: additionalProperties: type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only + "value". The requirements are ANDed. type: object type: object + x-kubernetes-map-type: atomic storageClassName: + description: 'storageClassName is the name of + the StorageClass required by the claim. More + info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: + description: volumeMode defines what type of volume + is required by the claim. Value of Filesystem + is implied when not included in claim spec. type: string volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. type: string type: object required: 
@@ -6418,125 +14171,264 @@ spec: type: object type: object fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to + the pod. properties: fsType: + description: 'fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising the machine' type: string lun: + description: 'lun is Optional: FC target lun number' format: int32 type: integer readOnly: + description: 'readOnly is Optional: Defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' type: boolean targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' items: type: string type: array wwids: + description: 'wwids Optional: FC volume world wide identifiers + (wwids) Either wwids or combination of targetWWNs and + lun must be set, but not both simultaneously.' items: type: string type: array type: object flexVolume: + description: flexVolume represents a generic volume resource + that is provisioned/attached using an exec based plugin. properties: driver: + description: driver is the name of the driver to use for + this volume. type: string fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". The default filesystem + depends on FlexVolume script. type: string options: additionalProperties: type: string + description: 'options is Optional: this field holds extra + command options if any.' type: object readOnly: + description: 'readOnly is Optional: defaults to false + (read/write). ReadOnly here will force the ReadOnly + setting in VolumeMounts.' 
type: boolean secretRef: + description: 'secretRef is Optional: secretRef is reference + to the secret object containing sensitive information + to pass to the plugin scripts. This may be empty if + no secret object is specified. If the secret object + contains more than one secret, all secrets are passed + to the plugin scripts.' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic required: - driver type: object flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running properties: datasetName: + description: datasetName is Name of the dataset stored + as metadata -> name on the dataset for Flocker should + be considered as deprecated type: string datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset type: string type: object gcePersistentDisk: + description: 'gcePersistentDisk represents a GCE Disk resource + that is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: + description: 'fsType is filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string partition: + description: 'partition is the partition in the volume + that you want to mount. If omitted, the default is to + mount by volume name. 
Examples: For volume /dev/sda1, + you specify the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can leave the + property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: + description: 'pdName is unique name of the PD resource + in GCE. Used to identify the disk in GCE. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean required: - pdName type: object gitRepo: + description: 'gitRepo represents a git repository at a particular + revision. DEPRECATED: GitRepo is deprecated. To provision + a container with a git repo, mount an EmptyDir into an InitContainer + that clones the repo using git, then mount the EmptyDir + into the Pod''s container.' properties: directory: + description: directory is the target directory name. Must + not contain or start with '..'. If '.' is supplied, + the volume directory will be the git repository. Otherwise, + if specified, the volume will contain the git repository + in the subdirectory with the given name. type: string repository: + description: repository is the URL type: string revision: + description: revision is the commit hash for the specified + revision. type: string required: - repository type: object glusterfs: + description: 'glusterfs represents a Glusterfs mount on the + host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: + description: 'endpoints is the endpoint name that details + Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: + description: 'path is the Glusterfs volume path. 
More + info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: + description: 'readOnly here will force the Glusterfs volume + to be mounted with read-only permissions. Defaults to + false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: boolean required: - endpoints - path type: object hostPath: + description: 'hostPath represents a pre-existing file or directory + on the host machine that is directly exposed to the container. + This is generally used for system agents or other privileged + things that are allowed to see the host machine. Most containers + will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- TODO(jonesdl) We need to restrict who can use host directory + mounts and who can/can not mount host directories as read/write.' properties: path: + description: 'path of the directory on the host. If the + path is a symlink, it will follow the link to the real + path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: + description: 'type for HostPath Volume Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: + description: 'iscsi represents an ISCSI Disk resource that + is attached to a kubelet''s host machine and then exposed + to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication type: boolean chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication type: boolean fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. 
More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string initiatorName: + description: initiatorName is the custom iSCSI Initiator + Name. If initiatorName is specified with iscsiInterface + simultaneously, new iSCSI interface : will be created for the connection. type: string iqn: + description: iqn is the target iSCSI Qualified Name. type: string iscsiInterface: + description: iscsiInterface is the interface Name that + uses an iSCSI transport. Defaults to 'default' (tcp). type: string lun: + description: lun represents iSCSI Target Lun number. format: int32 type: integer portals: + description: portals is the iSCSI Target Portal List. + The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: + description: readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. type: boolean secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic targetPortal: + description: targetPortal is iSCSI Target Portal. The + Portal is either an IP or ip_addr:port if the port is + other than default (typically TCP ports 860 and 3260). type: string required: - iqn 
@@ -6544,67 +14436,150 @@ spec: - targetPortal type: object name: + description: 'name of the volume. Must be a DNS_LABEL and + unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: + description: 'nfs represents an NFS mount on the host that + shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: + description: 'path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: + description: 'readOnly here will force the NFS export + to be mounted with read-only permissions. Defaults to + false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: + description: 'server is the hostname or IP address of + the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: - path - server type: object persistentVolumeClaim: + description: 'persistentVolumeClaimVolumeSource represents + a reference to a PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: + description: 'claimName is the name of a PersistentVolumeClaim + in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: + description: readOnly Will force the ReadOnly setting + in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". 
Implicitly inferred + to be "ext4" if unspecified. type: string pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk type: string required: - pdID type: object portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine properties: fsType: + description: fSType represents the filesystem type to + mount Must be a filesystem type supported by the host + operating system. Ex. "ext4", "xfs". Implicitly inferred + to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: + description: projected items for all in one resources secrets, + configmaps, and downward API properties: defaultMode: + description: defaultMode are the mode bits used to set + permissions on created files by default. Must be an + octal value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this + setting. This might be in conflict with other options + that affect the file mode, like fsGroup, and the result + can be other mode bits set. format: int32 type: integer sources: + description: sources is the list of volume projections items: + description: Projection that may be projected along + with other supported volume types properties: configMap: + description: configMap information about the configMap + data to project properties: items: + description: items if unspecified, each key-value + pair in the Data field of the referenced ConfigMap + will be projected into the volume as a file + whose name is the key and content is the value. 
+ If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the ConfigMap, the + volume setup will error unless it is marked + optional. Paths must be relative and may not + contain the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. + This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. type: string required: - key 
@@ -6612,60 +14587,147 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional specify whether the ConfigMap + or its keys must be defined type: boolean type: object + x-kubernetes-map-type: atomic downwardAPI: + description: downwardAPI information about the downwardAPI + data to project properties: items: + description: Items is a list of DownwardAPIVolume + file items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field properties: fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' properties: apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". type: string fieldPath: + description: Path of the field to + select in the specified API version. type: string required: - fieldPath type: object + x-kubernetes-map-type: atomic mode: + description: 'Optional: mode bits used + to set permissions on this file, must + be an octal value between 0000 and 0777 + or a decimal value between 0 and 511. + YAML accepts both octal and decimal + values, JSON requires decimal values + for mode bits. If not specified, the + volume defaultMode will be used. This + might be in conflict with other options + that affect the file mode, like fsGroup, + and the result can be other mode bits + set.' format: int32 type: integer path: + description: 'Required: Path is the relative + path name of the file to be created. + Must not be absolute or contain the + ''..'' path. Must be utf-8 encoded. 
+ The first item of the relative path + must not start with ''..''' type: string resourceFieldRef: + description: 'Selects a resource of the + container: only resources limits and + requests (limits.cpu, limits.memory, + requests.cpu and requests.memory) are + currently supported.' properties: containerName: + description: 'Container name: required + for volumes, optional for env vars' type: string divisor: anyOf: - type: integer - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true resource: + description: 'Required: resource to + select' type: string required: - resource type: object + x-kubernetes-map-type: atomic required: - path type: object type: array type: object secret: + description: secret information about the secret + data to project properties: items: + description: items if unspecified, each key-value + pair in the Data field of the referenced Secret + will be projected into the volume as a file + whose name is the key and content is the value. + If specified, the listed keys will be projected + into the specified paths, and unlisted keys + will not be present. If a key is specified + which is not present in the Secret, the volume + setup will error unless it is marked optional. + Paths must be relative and may not contain + the '..' path or start with '..'. items: + description: Maps a string key to a path within + a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits + used to set permissions on this file. + Must be an octal value between 0000 + and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal + values for mode bits. If not specified, + the volume defaultMode will be used. 
+ This might be in conflict with other + options that affect the file mode, like + fsGroup, and the result can be other + mode bits set.' format: int32 type: integer path: + description: path is the relative path + of the file to map the key to. May not + be an absolute path. May not contain + the path element '..'. May not start + with the string '..'. type: string required: - key @@ -6673,18 +14735,45 @@ spec: type: object type: array name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' type: string optional: + description: optional field specify whether + the Secret or its key must be defined type: boolean type: object + x-kubernetes-map-type: atomic serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project properties: audience: + description: audience is the intended audience + of the token. A recipient of a token must + identify itself with an identifier specified + in the audience of the token, and otherwise + should reject the token. The audience defaults + to the identifier of the apiserver. type: string expirationSeconds: + description: expirationSeconds is the requested + duration of validity of the service account + token. As the token approaches expiration, + the kubelet volume plugin will proactively + rotate the service account token. The kubelet + will start trying to rotate the token if the + token is older than 80 percent of its time + to live or if the token is older than 24 hours.Defaults + to 1 hour and must be at least 10 minutes. format: int64 type: integer path: + description: path is the path relative to the + mount point of the file to project the token + into. type: string required: - path 
@@ -6693,74 +14782,150 @@ spec: type: array type: object quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime properties: group: + description: group to map volume access to Default is + no group type: string readOnly: + description: readOnly here will force the Quobyte volume + to be mounted with read-only permissions. Defaults to + false. type: boolean registry: + description: registry represents a single or multiple + Quobyte Registry services specified as a string as host:port + pair (multiple entries are separated with commas) which + acts as the central registry for volumes type: string tenant: + description: tenant owning the given Quobyte volume in + the Backend Used with dynamically provisioned Quobyte + volumes, value is set by the plugin type: string user: + description: user to map volume access to Defaults to + serivceaccount user type: string volume: + description: volume is a string that references an already + created Quobyte volume by name. type: string required: - registry - volume type: object rbd: + description: 'rbd represents a Rados Block Device mount on + the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: + description: 'fsType is the filesystem type of the volume + that you want to mount. Tip: Ensure that the filesystem + type is supported by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" + if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from + compromising the machine' type: string image: + description: 'image is the rados image name. More info: + https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: + description: 'keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. 
More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: + description: 'monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: + description: 'pool is the rados pool name. Default is + rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: + description: 'readOnly here will force the ReadOnly setting + in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: + description: 'secretRef is name of the authentication + secret for RBDUser. If provided overrides keyring. Default + is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic user: + description: 'user is the rados user name. Default is + admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". type: string gateway: + description: gateway is the host address of the ScaleIO + API Gateway. type: string protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. type: string readOnly: + description: readOnly Defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. 
type: boolean secretRef: + description: secretRef references to the secret for ScaleIO + user and other sensitive information. If this is not + provided, Login operation will fail. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false type: boolean storageMode: + description: storageMode indicates whether the storage + for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. type: string storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. type: string system: + description: system is the name of the storage system + as configured in ScaleIO. type: string volumeName: + description: volumeName is the name of a volume already + created in the ScaleIO system that is associated with + this volume source. type: string required: - gateway 
@@ -6768,19 +14933,54 @@ spec: - system type: object secret: + description: 'secret represents a secret that should populate + this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: + description: 'defaultMode is Optional: mode bits used + to set permissions on created files by default. Must + be an octal value between 0000 and 0777 or a decimal + value between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for mode + bits. Defaults to 0644. Directories within the path + are not affected by this setting. This might be in conflict + with other options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer items: + description: items If unspecified, each key-value pair + in the Data field of the referenced Secret will be projected + into the volume as a file whose name is the key and + content is the value. If specified, the listed keys + will be projected into the specified paths, and unlisted + keys will not be present. If a key is specified which + is not present in the Secret, the volume setup will + error unless it is marked optional. Paths must be relative + and may not contain the '..' path or start with '..'. items: + description: Maps a string key to a path within a volume. properties: key: + description: key is the key to project. type: string mode: + description: 'mode is Optional: mode bits used to + set permissions on this file. Must be an octal + value between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal and + decimal values, JSON requires decimal values for + mode bits. If not specified, the volume defaultMode + will be used. This might be in conflict with other + options that affect the file mode, like fsGroup, + and the result can be other mode bits set.' format: int32 type: integer path: + description: path is the relative path of the file + to map the key to. 
May not be an absolute path. + May not contain the path element '..'. May not + start with the string '..'. type: string required: - key 
@@ -6788,35 +14988,77 @@ spec: type: object type: array optional: + description: optional field specify whether the Secret + or its keys must be defined type: boolean secretName: + description: 'secretName is the name of the secret in + the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. properties: fsType: + description: fsType is the filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string readOnly: + description: readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: + description: secretRef specifies the secret to use for + obtaining the StorageOS API credentials. If not specified, + default values will be attempted. properties: name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' type: string type: object + x-kubernetes-map-type: atomic volumeName: + description: volumeName is the human-readable name of + the StorageOS volume. Volume names are only unique + within a namespace. type: string volumeNamespace: + description: volumeNamespace specifies the scope of the + volume within StorageOS. If no namespace is specified + then the Pod's namespace will be used. This allows + the Kubernetes name scoping to be mirrored within StorageOS + for tighter integration. Set VolumeName to any name + to override the default behaviour. Set to "default" + if you are not using namespaces within StorageOS. Namespaces + that do not pre-exist within StorageOS will be created. 
type: string type: object vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine properties: fsType: + description: fsType is filesystem type to mount. Must + be a filesystem type supported by the host operating + system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. type: string storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. type: string storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. type: string volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk type: string required: - volumePath @@ -6829,8 +15071,11 @@ spec: - containers type: object timeout: + description: Timeout defines the maximum amount of time the Serving + should take to execute before the Serving is running. type: string tracing: + description: Tracing is the config of tracing. properties: baggage: additionalProperties: @@ -6870,22 +15115,28 @@ spec: type: string type: object required: - - baggage - enabled - provider type: object triggers: + description: Triggers used to trigger the Function. properties: dapr: items: properties: inputName: + description: 'Deprecated: Only for compatibility with v1beta1' type: string name: + description: The name of the dapr component, the component + can be defined in the `bindings`, `pubsub`, or `states`, + or an existing component. type: string topic: type: string type: + description: Type is the type of the component, if it is not + set, controller will get it automatically. type: string required: - name 
@@ -6893,18 +15144,33 @@ spec: type: array http: properties: + engine: + description: Http function runtime engine, can be set to knative + or keda, default to knative if not set + type: string port: + description: The port on which the function will be invoked format: int32 type: integer route: + description: Information needed to make HTTPRoute. Will attempt + to make HTTPRoute using the default Gateway resource if Route + is nil. properties: gatewayRef: + description: GatewayRef references the Gateway resources + that a Route wants to be attached to. properties: name: + description: Name is the name of the referent. It refers + to the name of a Gateway resource. maxLength: 253 minLength: 1 type: string namespace: + description: Namespace is the namespace of the referent. + When unspecified, this refers to the local namespace + of the Route. maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ 
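Review bot: The new `engine` property under `triggers.http` is a bare `type: string` with no `enum` or `default`, so the schema accepts any value even though its description names only knative and keda and promises knative when unset. This file looks generated (presumably by controller-gen; confirm), so the constraint belongs on the Go field, e.g. `// +kubebuilder:validation:Enum=knative;keda` and `// +kubebuilder:default=knative`. Those markers would render here as `enum:` and `default:` entries, the way `scheme` and `statusCode` are constrained in the redirect filter schema further down. Without them an unrecognised engine is rejected, if at all, only by the controller at reconcile time rather than at admission, and the documented default never appears in the stored object. The enclosing `http` and `route` schemas start before and continue past this hunk.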
@@ -6914,7 +15180,23 @@ spec: - namespace type: object hostnames: + description: Hostnames defines a set of hostname that should + match against the HTTP Host header to select a HTTPRoute + to process the request. items: + description: "Hostname is the fully qualified domain name + of a network host. This matches the RFC 1123 definition + of a hostname with 2 notable exceptions: \n 1. IPs are + not allowed. 2. A hostname may be prefixed with a wildcard + label (`*.`). The wildcard label must appear by itself + as the first label. \n Hostname can be \"precise\" which + is a domain name without the terminating dot of a network + host (e.g. \"foo.example.com\") or \"wildcard\", which + is a domain name prefixed with a single wildcard label + (e.g. `*.example.com`). \n Note that as per RFC1035 + and RFC1123, a *label* must consist of lower case alphanumeric + characters or '-', and must start and end with an alphanumeric + character. No other punctuation is allowed." maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ 
@@ -6922,26 +15204,75 @@ spec: maxItems: 16 type: array rules: + description: Rules are a list of HTTP matchers, filters + and actions. items: + description: HTTPRouteRule defines semantics for matching + an HTTP request based on conditions (matches), processing + it (filters), and forwarding the request to an API object + (backendRefs). properties: backendRefs: + description: "If unspecified or invalid (refers to + a non-existent resource or a Service with no endpoints), + the rule performs no forwarding. If there are also + no filters specified that would result in a response + being sent, a HTTP 503 status code is returned. + 503 responses must be sent so that the overall weight + is respected; if an invalid backend is requested + to have 80% of requests, then 80% of requests must + get a 503 instead. \n Support: Core for Kubernetes + Service Support: Custom for any other resource \n + Support for weight: Core" items: + description: HTTPBackendRef defines how a HTTPRoute + should forward an HTTP request. properties: filters: + description: "Filters defined at this level + should be executed if and only if the request + is being forwarded to the backend defined + here. \n Support: Custom (For broader support + of filters, use the Filters field in HTTPRouteRule.)" items: + description: HTTPRouteFilter defines processing + steps that must be completed during the + request or response lifecycle. HTTPRouteFilters + are meant as an extension point to express + processing that may be done in Gateway implementations. + Some examples include request or response + modification, implementing authentication + strategies, rate-limiting, and traffic shaping. + API guarantee/conformance is defined based + on the type of the filter. properties: extensionRef: + description: "ExtensionRef is an optional, + implementation-specific extension to + the \"filter\" behavior. For example, + resource \"myroutefilter\" in group + \"networking.example.net\"). 
ExtensionRef + MUST NOT be used for core and extended + filters. \n Support: Implementation-specific" properties: group: + description: Group is the group of + the referent. For example, "networking.k8s.io". + When unspecified (empty string), + core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is kind of the referent. + For example "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the + referent. maxLength: 253 minLength: 1 type: string @@ -6951,16 +15282,47 @@ spec: - name type: object requestHeaderModifier: + description: "RequestHeaderModifier defines + a schema for a filter that modifies + request headers. \n Support: Core" properties: add: + description: "Add adds the given header(s) + (name, value) to the request before + the action. It appends to any existing + values associated with the header + name. \n Input: GET /foo HTTP/1.1 + my-header: foo \n Config: add: - + name: \"my-header\" value: \"bar\" + \n Output: GET /foo HTTP/1.1 my-header: + foo my-header: bar" items: + description: HTTPHeader represents + an HTTP Header name and value + as defined by RFC 7230. properties: name: + description: "Name is the name + of the HTTP Header to be matched. + Name matching MUST be case + insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify + equivalent header names, the + first entry with an equivalent + name MUST be considered for + a match. Subsequent entries + with an equivalent header + name MUST be ignored. Due + to the case-insensitivity + of header names, \"foo\" and + \"Foo\" are considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value + of HTTP Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -6974,19 +15336,56 @@ spec: - name x-kubernetes-list-type: map remove: + description: "Remove the given header(s) + from the HTTP request before the + action. The value of Remove is a + list of HTTP header names. Note + that the header names are case-insensitive + (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + \n Input: GET /foo HTTP/1.1 my-header1: + foo my-header2: bar my-header3: + baz \n Config: remove: [\"my-header1\", + \"my-header3\"] \n Output: GET /foo + HTTP/1.1 my-header2: bar" items: type: string maxItems: 16 type: array set: + description: "Set overwrites the request + with the given header (name, value) + before the action. \n Input: GET + /foo HTTP/1.1 my-header: foo \n + Config: set: - name: \"my-header\" + value: \"bar\" \n Output: GET /foo + HTTP/1.1 my-header: bar" items: + description: HTTPHeader represents + an HTTP Header name and value + as defined by RFC 7230. properties: name: + description: "Name is the name + of the HTTP Header to be matched. + Name matching MUST be case + insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify + equivalent header names, the + first entry with an equivalent + name MUST be considered for + a match. Subsequent entries + with an equivalent header + name MUST be ignored. Due + to the case-insensitivity + of header names, \"foo\" and + \"Foo\" are considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value + of HTTP Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -7001,30 +15400,87 @@ spec: x-kubernetes-list-type: map type: object requestMirror: + description: "RequestMirror defines a + schema for a filter that mirrors requests. + Requests are sent to the specified destination, + but responses from that destination + are ignored. \n Support: Extended" properties: backendRef: + description: "BackendRef references + a resource where mirrored requests + are sent. \n If the referent cannot + be found, this BackendRef is invalid + and must be dropped from the Gateway. + The controller must ensure the \"ResolvedRefs\" + condition on the Route status is + set to `status: False` and not configure + this backend in the underlying implementation. + \n If there is a cross-namespace + reference to an *existing* object + that is not allowed by a ReferencePolicy, + the controller must ensure the \"ResolvedRefs\" + \ condition on the Route is set + to `status: False`, with the \"RefNotPermitted\" + reason and not configure this backend + in the underlying implementation. + \n In either error case, the Message + of the `ResolvedRefs` Condition + should be used to provide more detail + about the problem. \n Support: Extended + for Kubernetes Service Support: + Custom for any other resource" properties: group: default: "" + description: Group is the group + of the referent. For example, + "networking.k8s.io". When unspecified + (empty string), core API group + is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the + referent. For example "HTTPRoute" + or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name + of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the + namespace of the backend. When + unspecified, the local namespace + is inferred. 
\n Note that when + a namespace is specified, a + ReferencePolicy object is required + in the referent namespace to + allow that namespace's owner + to accept the reference. See + the ReferencePolicy documentation + for details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the + destination port number to use + for this resource. Port is required + when the referent is a Kubernetes + Service. For other resources, + destination port might be derived + from the referent resource or + this field. format: int32 maximum: 65535 minimum: 1 
@@ -7036,30 +15492,84 @@ spec: - backendRef type: object requestRedirect: + description: "RequestRedirect defines + a schema for a filter that responds + to the request with an HTTP redirection. + \n Support: Core" properties: hostname: + description: "Hostname is the hostname + to be used in the value of the `Location` + header in the response. When empty, + the hostname of the request is used. + \n Support: Core" maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string port: + description: "Port is the port to + be used in the value of the `Location` + header in the response. When empty, + port (if specified) of the request + is used. \n Support: Extended" format: int32 maximum: 65535 minimum: 1 type: integer scheme: + description: "Scheme is the scheme + to be used in the value of the `Location` + header in the response. When empty, + the scheme of the request is used. + \n Support: Extended" enum: - http - https type: string statusCode: default: 302 + description: "StatusCode is the HTTP + status code to be used in response. + \n Support: Core" enum: - 301 - 302 type: integer type: object type: + description: "Type identifies the type + of filter to apply. As with other API + fields, types are classified into three + conformance levels: \n - Core: Filter + types and their corresponding configuration + defined by \"Support: Core\" in this + package, e.g. \"RequestHeaderModifier\". + All implementations must support core + filters. \n - Extended: Filter types + and their corresponding configuration + defined by \"Support: Extended\" in + this package, e.g. \"RequestMirror\". + Implementers are encouraged to support + extended filters. \n - Custom: Filters + that are defined and supported by specific + vendors. In the future, filters showing + convergence in behavior across multiple + implementations will be considered for + inclusion in extended or core conformance + levels. 
Filter-specific configuration + for such filters is specified using + the ExtensionRef field. `Type` should + be set to \"ExtensionRef\" for custom + filters. \n Implementers are encouraged + to define custom implementation types + to extend the core API with implementation-specific + behavior. \n If a reference to a custom + filter type cannot be resolved, the + filter MUST NOT be skipped. Instead, + requests that would have been processed + by that filter MUST receive a HTTP error + response." enum: - RequestHeaderModifier - RequestMirror 
@@ -7073,31 +15583,66 @@ spec: type: array group: default: "" + description: Group is the group of the referent. + For example, "networking.k8s.io". When unspecified + (empty string), core API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the referent. For + example "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace of + the backend. When unspecified, the local namespace + is inferred. \n Note that when a namespace + is specified, a ReferencePolicy object is + required in the referent namespace to allow + that namespace's owner to accept the reference. + See the ReferencePolicy documentation for + details. \n Support: Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the destination + port number to use for this resource. Port + is required when the referent is a Kubernetes + Service. For other resources, destination + port might be derived from the referent resource + or this field. format: int32 maximum: 65535 minimum: 1 type: integer weight: default: 1 + description: "Weight specifies the proportion + of requests forwarded to the referenced backend. + This is computed as weight/(sum of all weights + in this BackendRefs list). For non-zero values, + there may be some epsilon from the exact proportion + defined here depending on the precision an + implementation supports. Weight is not a percentage + and the sum of weights does not need to equal + 100. \n If only one backend is specified and + it has a weight greater than 0, 100% of the + traffic is forwarded to that backend. If weight + is set to 0, no traffic should be forwarded + for this entry. 
If unspecified, weight defaults + to 1. \n Support for this field varies based + on the context where used." format: int32 maximum: 1000000 minimum: 0 
@@ -7108,20 +15653,54 @@ spec: maxItems: 16 type: array filters: + description: "Filters define the filters that are + applied to requests that match this rule. \n The + effects of ordering of multiple behaviors are currently + unspecified. This can change in the future based + on feedback during the alpha stage. \n Conformance-levels + at this level are defined based on the type of filter: + \n - ALL core filters MUST be supported by all implementations. + - Implementers are encouraged to support extended + filters. - Implementation-specific custom filters + have no API guarantees across implementations. \n + Specifying a core filter multiple times has unspecified + or custom conformance. \n Support: Core" items: + description: HTTPRouteFilter defines processing + steps that must be completed during the request + or response lifecycle. HTTPRouteFilters are meant + as an extension point to express processing that + may be done in Gateway implementations. Some examples + include request or response modification, implementing + authentication strategies, rate-limiting, and + traffic shaping. API guarantee/conformance is + defined based on the type of the filter. properties: extensionRef: + description: "ExtensionRef is an optional, implementation-specific + extension to the \"filter\" behavior. For + example, resource \"myroutefilter\" in group + \"networking.example.net\"). ExtensionRef + MUST NOT be used for core and extended filters. + \n Support: Implementation-specific" properties: group: + description: Group is the group of the referent. + For example, "networking.k8s.io". When + unspecified (empty string), core API group + is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: + description: Kind is kind of the referent. + For example "HTTPRoute" or "Service". 
maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the referent. maxLength: 253 minLength: 1 type: string @@ -7131,16 +15710,44 @@ spec: - name type: object requestHeaderModifier: + description: "RequestHeaderModifier defines + a schema for a filter that modifies request + headers. \n Support: Core" properties: add: + description: "Add adds the given header(s) + (name, value) to the request before the + action. It appends to any existing values + associated with the header name. \n Input: + GET /foo HTTP/1.1 my-header: foo \n Config: + add: - name: \"my-header\" value: \"bar\" + \n Output: GET /foo HTTP/1.1 my-header: + foo my-header: bar" items: + description: HTTPHeader represents an + HTTP Header name and value as defined + by RFC 7230. properties: name: + description: "Name is the name of + the HTTP Header to be matched. Name + matching MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, the first entry with + an equivalent name MUST be considered + for a match. Subsequent entries + with an equivalent header name MUST + be ignored. Due to the case-insensitivity + of header names, \"foo\" and \"Foo\" + are considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value of + HTTP Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -7154,19 +15761,52 @@ spec: - name x-kubernetes-list-type: map remove: + description: "Remove the given header(s) + from the HTTP request before the action. + The value of Remove is a list of HTTP + header names. Note that the header names + are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2). + \n Input: GET /foo HTTP/1.1 my-header1: + foo my-header2: bar my-header3: baz \n + Config: remove: [\"my-header1\", \"my-header3\"] + \n Output: GET /foo HTTP/1.1 my-header2: + bar" items: type: string maxItems: 16 type: array set: + description: "Set overwrites the request + with the given header (name, value) before + the action. \n Input: GET /foo HTTP/1.1 + my-header: foo \n Config: set: - name: + \"my-header\" value: \"bar\" \n Output: + GET /foo HTTP/1.1 my-header: bar" items: + description: HTTPHeader represents an + HTTP Header name and value as defined + by RFC 7230. properties: name: + description: "Name is the name of + the HTTP Header to be matched. Name + matching MUST be case insensitive. + (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, the first entry with + an equivalent name MUST be considered + for a match. Subsequent entries + with an equivalent header name MUST + be ignored. Due to the case-insensitivity + of header names, \"foo\" and \"Foo\" + are considered equivalent." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string value: + description: Value is the value of + HTTP Header to be matched. maxLength: 4096 minLength: 1 type: string 
@@ -7181,30 +15821,81 @@ spec: x-kubernetes-list-type: map type: object requestMirror: + description: "RequestMirror defines a schema + for a filter that mirrors requests. Requests + are sent to the specified destination, but + responses from that destination are ignored. + \n Support: Extended" properties: backendRef: + description: "BackendRef references a resource + where mirrored requests are sent. \n If + the referent cannot be found, this BackendRef + is invalid and must be dropped from the + Gateway. The controller must ensure the + \"ResolvedRefs\" condition on the Route + status is set to `status: False` and not + configure this backend in the underlying + implementation. \n If there is a cross-namespace + reference to an *existing* object that + is not allowed by a ReferencePolicy, the + controller must ensure the \"ResolvedRefs\" + \ condition on the Route is set to `status: + False`, with the \"RefNotPermitted\" reason + and not configure this backend in the + underlying implementation. \n In either + error case, the Message of the `ResolvedRefs` + Condition should be used to provide more + detail about the problem. \n Support: + Extended for Kubernetes Service Support: + Custom for any other resource" properties: group: default: "" + description: Group is the group of the + referent. For example, "networking.k8s.io". + When unspecified (empty string), core + API group is inferred. maxLength: 253 pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string kind: default: Service + description: Kind is kind of the referent. + For example "HTTPRoute" or "Service". maxLength: 63 minLength: 1 pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ type: string name: + description: Name is the name of the + referent. maxLength: 253 minLength: 1 type: string namespace: + description: "Namespace is the namespace + of the backend. When unspecified, + the local namespace is inferred. 
\n + Note that when a namespace is specified, + a ReferencePolicy object is required + in the referent namespace to allow + that namespace's owner to accept the + reference. See the ReferencePolicy + documentation for details. \n Support: + Core" maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string port: + description: Port specifies the destination + port number to use for this resource. + Port is required when the referent + is a Kubernetes Service. For other + resources, destination port might + be derived from the referent resource + or this field. format: int32 maximum: 65535 minimum: 1 
@@ -7216,30 +15907,77 @@ spec: - backendRef type: object requestRedirect: + description: "RequestRedirect defines a schema + for a filter that responds to the request + with an HTTP redirection. \n Support: Core" properties: hostname: + description: "Hostname is the hostname to + be used in the value of the `Location` + header in the response. When empty, the + hostname of the request is used. \n Support: + Core" maxLength: 253 minLength: 1 pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string port: + description: "Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. \n + Support: Extended" format: int32 maximum: 65535 minimum: 1 type: integer scheme: + description: "Scheme is the scheme to be + used in the value of the `Location` header + in the response. When empty, the scheme + of the request is used. \n Support: Extended" enum: - http - https type: string statusCode: default: 302 + description: "StatusCode is the HTTP status + code to be used in response. \n Support: + Core" enum: - 301 - 302 type: integer type: object type: + description: "Type identifies the type of filter + to apply. As with other API fields, types + are classified into three conformance levels: + \n - Core: Filter types and their corresponding + configuration defined by \"Support: Core\" + in this package, e.g. \"RequestHeaderModifier\". + All implementations must support core filters. + \n - Extended: Filter types and their corresponding + configuration defined by \"Support: Extended\" + in this package, e.g. \"RequestMirror\". Implementers + are encouraged to support extended filters. + \n - Custom: Filters that are defined and + supported by specific vendors. In the future, + filters showing convergence in behavior across + multiple implementations will be considered + for inclusion in extended or core conformance + levels. 
Filter-specific configuration for + such filters is specified using the ExtensionRef + field. `Type` should be set to \"ExtensionRef\" + for custom filters. \n Implementers are encouraged + to define custom implementation types to extend + the core API with implementation-specific + behavior. \n If a reference to a custom filter + type cannot be resolved, the filter MUST NOT + be skipped. Instead, requests that would have + been processed by that filter MUST receive + a HTTP error response." enum: - RequestHeaderModifier - RequestMirror 
@@ -7256,23 +15994,99 @@ spec: - path: type: PathPrefix value: / + description: "Matches define conditions used for matching + the rule against incoming HTTP requests. Each match + is independent, i.e. this rule will be matched if + **any** one of the matches is satisfied. \n For + example, take the following matches configuration: + \n ``` matches: - path: value: \"/foo\" headers: + - name: \"version\" value: \"v2\" - path: value: + \"/v2/foo\" ``` \n For a request to match against + this rule, a request must satisfy EITHER of the + two conditions: \n - path prefixed with `/foo` AND + contains the header `version: v2` - path prefix + of `/v2/foo` \n See the documentation for HTTPRouteMatch + on how to specify multiple match conditions that + should be ANDed together. \n If no matches are specified, + the default is a prefix path match on \"/\", which + has the effect of matching every HTTP request. \n + Proxy or Load Balancer routing configuration generated + from HTTPRoutes MUST prioritize rules based on the + following criteria, continuing on ties. Precedence + must be given to the the Rule with the largest number + of: \n * Characters in a matching non-wildcard hostname. + * Characters in a matching hostname. * Characters + in a matching path. * Header matches. * Query param + matches. \n If ties still exist across multiple + Routes, matching precedence MUST be determined in + order of the following criteria, continuing on ties: + \n * The oldest Route based on creation timestamp. + * The Route appearing first in alphabetical order + by \"/\". \n If ties still exist + within the Route that has been given precedence, + matching precedence MUST be granted to the first + matching rule meeting the above criteria." items: + description: "HTTPRouteMatch defines the predicate + used to match requests to a given action. Multiple + match types are ANDed together, i.e. the match + will evaluate to true only if all conditions are + satisfied. 
\n For example, the match below will + match a HTTP request only if its path starts with + `/foo` AND it contains the `version: v1` header: + \n ``` match: path: value: \"/foo\" headers: - + name: \"version\" value \"v1\" ```" properties: headers: + description: Headers specifies HTTP request + header matchers. Multiple match values are + ANDed together, meaning, a request must match + all the specified headers to select the route. items: + description: HTTPHeaderMatch describes how + to select a HTTP route by matching HTTP + request headers. properties: name: + description: "Name is the name of the + HTTP Header to be matched. Name matching + MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2). + \n If multiple entries specify equivalent + header names, only the first entry with + an equivalent name MUST be considered + for a match. Subsequent entries with + an equivalent header name MUST be ignored. + Due to the case-insensitivity of header + names, \"foo\" and \"Foo\" are considered + equivalent. \n When a header is repeated + in an HTTP request, it is implementation-specific + behavior as to how this is represented. + Generally, proxies should follow the + guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 + regarding processing a repeated header, + with special handling for \"Set-Cookie\"." maxLength: 256 minLength: 1 pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ type: string type: default: Exact + description: "Type specifies how to match + against the value of the header. \n + Support: Core (Exact) \n Support: Custom + (RegularExpression) \n Since RegularExpression + HeaderMatchType has custom conformance, + implementations can support POSIX, PCRE + or any other dialects of regular expressions. + Please read the implementation's documentation + to determine the supported dialect." enum: - Exact - RegularExpression type: string value: + description: Value is the value of HTTP + Header to be matched. 
maxLength: 4096 minLength: 1 type: string @@ -7286,6 +16100,10 @@ spec: - name x-kubernetes-list-type: map method: + description: "Method specifies HTTP method matcher. + When specified, this route will be matched + only if the request has the specified method. + \n Support: Extended" enum: - GET - HEAD @@ -7301,9 +16119,16 @@ spec: default: type: PathPrefix value: / + description: Path specifies a HTTP request path + matcher. If this field is not specified, a + default prefix match on the "/" path is provided. properties: type: default: PathPrefix + description: "Type specifies how to match + against the path Value. \n Support: Core + (Exact, PathPrefix) \n Support: Custom + (RegularExpression)" enum: - Exact - PathPrefix 
@@ -7311,23 +16136,48 @@ spec: type: string value: default: / + description: Value of the HTTP path to match + against. maxLength: 1024 type: string type: object queryParams: + description: QueryParams specifies HTTP query + parameter matchers. Multiple match values + are ANDed together, meaning, a request must + match all the specified query parameters to + select the route. items: + description: HTTPQueryParamMatch describes + how to select a HTTP route by matching HTTP + query parameters. properties: name: + description: Name is the name of the HTTP + query param to be matched. This must + be an exact string match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3). maxLength: 256 minLength: 1 type: string type: default: Exact + description: "Type specifies how to match + against the value of the query parameter. + \n Support: Extended (Exact) \n Support: + Custom (RegularExpression) \n Since + RegularExpression QueryParamMatchType + has custom conformance, implementations + can support POSIX, PCRE or any other + dialects of regular expressions. Please + read the implementation's documentation + to determine the supported dialect." enum: - Exact - RegularExpression type: string value: + description: Value is the value of HTTP + query param to be matched. maxLength: 1024 minLength: 1 type: string 
@@ -7351,30 +16201,37 @@ spec: inputs: items: properties: - dap: + dapr: properties: name: + description: The name of the dapr component, the component + can be defined in the `bindings`, `pubsub`, or `states`, + or an existing component. type: string topic: type: string type: + description: Type is the type of the component, if it + is not set, controller will get it automatically. type: string required: - name type: object - required: - - dap type: object type: array type: object version: + description: Function version in format like v1.0.0 type: string workloadType: + description: How to run the function, known values are Deployment or + StatefulSet, default is Deployment. type: string required: - image type: object status: + description: ServingStatus defines the observed state of Serving properties: message: type: string @@ -7385,10 +16242,12 @@ spec: resourceRef: additionalProperties: type: string + description: Associate resources. type: object state: type: string url: + description: Service holds the service name used to access the serving. type: string type: object type: object diff --git a/openfunction/crds/trigger.yaml b/openfunction/crds/trigger.yaml index f2c2f67..689f345 100644 --- a/openfunction/crds/trigger.yaml +++ b/openfunction/crds/trigger.yaml 
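Review bot: The per-item `required` list under `inputs.items` is dropped in the `@@ -7351,30 +16201,37 @@` hunk instead of being renamed along with the property, so an input entry with no `dapr` block now passes API-server validation. If the controller still expects every input to carry a Dapr component, keep the constraint as `required:` followed by `- dapr`; if the field is meant to be optional, confirm how the controller handles an empty item, which this hunk cannot show. Separately, renaming `dap` to `dapr` inside an existing schema means objects stored with the old key no longer match any declared property, and where structural-schema pruning applies that field would be dropped on the next write, so a migration note for existing resources seems warranted. The enclosing schema starts before this hunk, so the affected API version is not visible here.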
@@ -11,150 +11,192 @@ spec: singular: trigger scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.eventBus - name: EventBus - type: string - - jsonPath: .status.conditions[-1].type - name: Status - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - eventBus: - type: string - inputs: - additionalProperties: - properties: - event: - type: string - eventSource: - type: string - namespace: - type: string - required: - - event - - eventSource + - additionalPrinterColumns: + - jsonPath: .spec.eventBus + name: EventBus + type: string + - jsonPath: .status.conditions[-1].type + name: Status + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Trigger is the Schema for the triggers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TriggerSpec defines the desired state of Trigger + properties: + eventBus: + description: EventBus allows you to specify a specific EventBus to be + used instead of the "default" one + type: string + inputs: + additionalProperties: + properties: + event: + description: Event, name of event + type: string + eventSource: + description: EventSource, name of EventSource + type: string + namespace: + description: Namespace, namespace of EventSource, default to namespace + of Trigger + type: string + required: + - event + - eventSource + type: object + description: Inputs defines the event sources associated with the Trigger type: object - type: object - logLevel: - type: string - subscribers: - items: - properties: - condition: - type: string - deadLetterSink: - properties: - ref: - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - apiVersion - - kind - - name - type: object - uri: - type: string - type: object - deadLetterTopic: - type: string - sink: - properties: - ref: - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - namespace: - type: string - required: - - apiVersion - - kind - - name - type: object - uri: - type: string - type: object - topic: - type: string - required: - - condition - type: object - type: array - required: - - eventBus - - inputs - - subscribers - type: object - status: - properties: - conditions: - items: - properties: - message: - type: string - reason: - enum: - - EventSourceFunctionCreated - - ErrorCreatingEventSource - - ErrorCreatingEventSourceFunction - - EventSourceIsReady - - ErrorConfiguration - - ErrorToFindExistEventBus - - ErrorGenerateComponent - - ErrorGenerateScaledObject - - PendingCreation - - ErrorToFindTriggerSubscribers - - 
ErrorCreatingTrigger - - TriggerIsReady - - ErrorCreatingTriggerFunction - - TriggerFunctionCreated - type: string - status: - type: string - timestamp: - type: string - type: - enum: - - Created - - Error - - Pending - - Unknown - - Terminating - - Terminated - - Ready - type: string - required: - - status - - type - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + logLevel: + description: The logging level of the event source handler, e.g. "1", + "2", "3". The level increases as the value increases, default is "1". + type: string + subscribers: + description: Subscribers defines the subscribers associated with the + Trigger + items: + properties: + condition: + description: Condition for judging events + type: string + deadLetterSink: + description: SinkSpec specifies the receiver of the events an + EventSource received, sinks in the Uri format have higher priority + than sinks in Reference format. + properties: + ref: + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent. + type: string + required: + - apiVersion + - kind + - name + type: object + uri: + type: string + type: object + deadLetterTopic: + type: string + sink: + description: Sink and DeadLetterSink are used to handle subscribers + who use the synchronous call method + properties: + ref: + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: Kind of the referent. + type: string + name: + description: Name of the referent. + type: string + namespace: + description: Namespace of the referent. 
+ type: string + required: + - apiVersion + - kind + - name + type: object + uri: + type: string + type: object + topic: + description: Topic and DeadLetterTopic are used to handle subscribers + who use the asynchronous call method + type: string + required: + - condition + type: object + type: array + required: + - eventBus + - inputs + - subscribers + type: object + status: + description: TriggerStatus defines the observed state of Trigger + properties: + conditions: + items: + properties: + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. + enum: + - EventSourceFunctionCreated + - ErrorCreatingEventSource + - ErrorCreatingEventSourceFunction + - EventSourceIsReady + - ErrorConfiguration + - ErrorToFindExistEventBus + - ErrorGenerateComponent + - ErrorGenerateScaledObject + - PendingCreation + - ErrorToFindTriggerSubscribers + - ErrorCreatingTrigger + - TriggerIsReady + - ErrorCreatingTriggerFunction + - TriggerFunctionCreated + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + timestamp: + description: Timestamp of the condition + type: string + type: + description: Type of condition + enum: + - Created + - Error + - Pending + - Unknown + - Terminating + - Terminated + - Ready + type: string + required: + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: ""