diff --git a/deployments/config/account.yaml b/deployments/custom-installation/config/account.yaml
similarity index 100%
rename from deployments/config/account.yaml
rename to deployments/custom-installation/config/account.yaml
diff --git a/deployments/config/binding.yaml b/deployments/custom-installation/config/binding.yaml
similarity index 100%
rename from deployments/config/binding.yaml
rename to deployments/custom-installation/config/binding.yaml
diff --git a/deployments/custom-installation/deployController.yaml b/deployments/custom-installation/deployController.yaml
index ecf9a8a1b8b89bb353a4e6c660c415b5b0abaca5..0a3b6a27fc5637dc08051fd1a7ba097cfc516e56 100644
--- a/deployments/custom-installation/deployController.yaml
+++ b/deployments/custom-installation/deployController.yaml
@@ -14,7 +14,7 @@ spec:
spec:
containers:
- name: l2sm-controller
- image: alexdecb/l2sm-controller:2.2
+ image: alexdecb/l2sm-controller:2.3
readinessProbe:
httpGet:
path: /onos/ui
@@ -24,6 +24,7 @@ spec:
ports:
- containerPort: 6633
- containerPort: 8181
+ # imagePullPolicy: Always
---
apiVersion: v1
kind: Service
diff --git a/deployments/custom-installation/deployManager.yaml b/deployments/custom-installation/deployManager.yaml
index 533b4f9957770de62c8b81d0c74b075b22dc4321..8f7b0df90f74084061967e5b087f6e5644786f0a 100644
--- a/deployments/custom-installation/deployManager.yaml
+++ b/deployments/custom-installation/deployManager.yaml
@@ -1,9285 +1,3 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
- name: l2networks.l2sm.l2sm.k8s.local
-spec:
- group: l2sm.l2sm.k8s.local
- names:
- kind: L2Network
- listKind: L2NetworkList
- plural: l2networks
- singular: l2network
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Internal SDN Controller Connectivity
- jsonPath: .status.internalConnectivity
- name: AVAILABILITY
- type: string
- - description: Internal SDN Controller Connectivity
- jsonPath: .status.connectedPods
- name: CONNECTED_PODS
- type: integer
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- name: v1
- schema:
- openAPIV3Schema:
- description: L2Network is the Schema for the l2networks API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: L2NetworkSpec defines the desired state of L2Network
- properties:
- config:
- description: Config is an optional field that is meant to be used
- as additional configuration depending on the type of network. Check
- each type of network for specific configuration definitions.
- type: string
- provider:
- description: Provider is an optional field representing a provider
- spec. Check the provider spec definition for more details
- properties:
- domain:
- type: string
- name:
- type: string
- required:
- - domain
- - name
- type: object
- type:
- description: NetworkType represents the type of network being configured.
- enum:
- - ext-vnet
- - vnet
- - vlink
- type: string
- required:
- - type
- type: object
- status:
- description: L2NetworkStatus defines the observed state of L2Network
- properties:
- connectedPods:
- description: Existing Pods in the cluster, connected to the specific
- network
- items:
- type: string
- type: array
- internalConnectivity:
- default: Unavailable
- description: Status of the connectivity to the internal SDN Controller.
- If there is no connection, internal l2sm-switches won't forward
- traffic
- enum:
- - Available
- - Unavailable
- - Unknown
- type: string
- providerConnectivity:
- description: Status of the connectivity to the external provider SDN
- Controller. If there is no connectivity, the exisitng l2sm-ned in
- the cluster won't forward packages to the external clusters.
- enum:
- - Available
- - Unavailable
- - Unknown
- type: string
- required:
- - internalConnectivity
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
- name: networkedgedevices.l2sm.l2sm.k8s.local
-spec:
- group: l2sm.l2sm.k8s.local
- names:
- kind: NetworkEdgeDevice
- listKind: NetworkEdgeDeviceList
- plural: networkedgedevices
- singular: networkedgedevice
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: Availability status of the overlay
- jsonPath: .status.availability
- name: STATUS
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: AGE
- type: date
- name: v1
- schema:
- openAPIV3Schema:
- description: NetworkEdgeDevice is the Schema for the networkedgedevices API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: NetworkEdgeDeviceSpec defines the desired state of NetworkEdgeDevice
- properties:
- neighbors:
- description: Field exclusive to the multi-domain overlay type. If
- specified in other types of overlays, the reosurce will launch
- an error and won't be created.
- items:
- properties:
- domain:
- description: |-
- Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
- is going to be deployed at.
- type: string
- node:
- description: Name of the cluster the link is going to be made
- upon.
- type: string
- required:
- - domain
- - node
- type: object
- type: array
- networkController:
- description: The SDN Controller that manages the overlay network.
- Must specify a domain and a name.
- properties:
- domain:
- description: Domain where the controller can be reached at. Must
- be a valid IP Address or Domain name, reachable from all the
- nodes where the switches are deployed at.
- type: string
- name:
- description: Name of the Network controller
- type: string
- required:
- - domain
- - name
- type: object
- switchTemplate:
- description: Template describes the virtual switch pod that will be
- created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the pod.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- containers:
- description: |-
- List of containers belonging to the pod.
- Containers cannot currently be added or removed.
- There must be at least one container in a Pod.
- Cannot be updated.
- items:
- description: A single application container that you want
- to run within a pod.
- properties:
- args:
- description: |-
- Arguments to the entrypoint.
- The container image's CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- command:
- description: |-
- Entrypoint array. Not executed within a shell.
- The container image's ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- env:
- description: |-
- List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: |-
- List of sources to populate environment variables in the container.
- The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take precedence.
- Values defined by an Env with a duplicate key will take precedence.
- Cannot be updated.
- items:
- description: EnvFromSource represents the source of
- a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description: |-
- Container image name.
- More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management to default or override
- container images in workload controllers like Deployments and StatefulSets.
- type: string
- imagePullPolicy:
- description: |-
- Image pull policy.
- One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- type: string
- lifecycle:
- description: |-
- Actions that the management system should take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: |-
- PostStart is called immediately after a container is created. If the handler fails,
- the container is terminated and restarted according to its restart policy.
- Other management of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: |-
- PreStop is called immediately before a container is terminated due to an
- API request or management event such as liveness/startup probe failure,
- preemption, resource contention, etc. The handler is not called if the
- container crashes or exits. The Pod's termination grace period countdown begins before the
- PreStop hook is executed. Regardless of the outcome of the handler, the
- container will eventually terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other management of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: |-
- Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- name:
- description: |-
- Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: |-
- List of ports to expose from the container. Not specifying a port here
- DOES NOT prevent that port from being exposed. Any port which is
- listening on the default "0.0.0.0" address inside a container will be
- accessible from the network.
- Modifying this array with strategic merge patch may corrupt the data.
- For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port
- in a single container.
- properties:
- containerPort:
- description: |-
- Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: |-
- Number of port to expose on the host.
- If specified, this must be a valid port number, 0 < x < 65536.
- If HostNetwork is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: |-
- If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
- named port in a pod must have a unique name. Name for the port that can be
- referred to by services.
- type: string
- protocol:
- default: TCP
- description: |-
- Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: |-
- Periodic probe of container service readiness.
- Container will be removed from service endpoints if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: |-
- Name of the resource to which this resource resize policy applies.
- Supported values: cpu, memory.
- type: string
- restartPolicy:
- description: |-
- Restart policy to apply when specified resource is resized.
- If not specified, it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: |-
- Compute Resources required by this container.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
-
-
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
-
-
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- restartPolicy:
- description: |-
- RestartPolicy defines the restart behavior of individual containers in a pod.
- This field may only be set for init containers, and the only allowed value is "Always".
- For non-init containers or when this field is not specified,
- the restart behavior is defined by the Pod's restart policy and the container type.
- Setting the RestartPolicy as "Always" for the init container will have the following effect:
- this init container will be continually restarted on
- exit until all regular containers have terminated. Once all regular
- containers have completed, all init containers with restartPolicy "Always"
- will be shut down. This lifecycle differs from normal init containers and
- is often referred to as a "sidecar" container. Although this init
- container still starts in the init container sequence, it does not wait
- for the container to complete before proceeding to the next init
- container. Instead, the next init container starts immediately after this
- init container is started, or after any startupProbe has successfully
- completed.
- type: string
- securityContext:
- description: |-
- SecurityContext defines the security options the container should be run with.
- If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- properties:
- allowPrivilegeEscalation:
- description: |-
- AllowPrivilegeEscalation controls whether a process can gain more
- privileges than its parent process. This bool directly controls if
- the no_new_privs flag will be set on the container process.
- AllowPrivilegeEscalation is true always when the container is:
- 1) run as Privileged
- 2) has CAP_SYS_ADMIN
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- capabilities:
- description: |-
- The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the container runtime.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: |-
- Run container in privileged mode.
- Processes in privileged containers are essentially equivalent to root on the host.
- Defaults to false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: |-
- procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
- readonly paths and masked paths.
- This requires the ProcMountType feature flag to be enabled.
- Note that this field cannot be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: |-
- Whether this container has a read-only root filesystem.
- Default is false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: |-
- The GID to run the entrypoint of the container process.
- Uses runtime default if unset.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: |-
- Indicates that the container must run as a non-root user.
- If true, the Kubelet will validate the image at runtime to ensure that it
- does not run as UID 0 (root) and fail to start the container if it does.
- If unset or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: |-
- The UID to run the entrypoint of the container process.
- Defaults to user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: |-
- The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random SELinux context for each
- container. May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: |-
- The seccomp options to use by this container. If seccomp options are
- provided at both the pod & container level, the container options
- override the pod options.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: |-
- localhostProfile indicates a profile defined in a file on the node should be used.
- The profile must be preconfigured on the node to work.
- Must be a descending path, relative to the kubelet's configured seccomp profile location.
- Must be set if type is "Localhost". Must NOT be set for any other type.
- type: string
- type:
- description: |-
- type indicates which kind of seccomp profile will be applied.
- Valid options are:
-
-
- Localhost - a profile defined in a file on the node should be used.
- RuntimeDefault - the container runtime default profile should be used.
- Unconfined - no profile should be applied.
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: |-
- The Windows specific settings applied to all containers.
- If unspecified, the options from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: |-
- GMSACredentialSpec is where the GMSA admission webhook
- (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
- GMSA credential spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: |-
- HostProcess determines if a container should be run as a 'Host Process' container.
- All of a Pod's containers must have the same effective HostProcess value
- (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
- In addition, if HostProcess is true then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: |-
- The UserName in Windows to run the entrypoint of the container process.
- Defaults to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: |-
- StartupProbe indicates that the Pod has successfully initialized.
- If specified, no other probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- when it might take a long time to load data or warm a cache, than during steady-state operation.
- This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- stdin:
- description: |-
- Whether this container should allocate a buffer for stdin in the container runtime. If this
- is not set, reads from stdin in the container will always result in EOF.
- Default is false.
- type: boolean
- stdinOnce:
- description: |-
- Whether the container runtime should close the stdin channel after it has been opened by
- a single attach. When stdin is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container is restarted. If this
- flag is false, a container processes that reads from stdin will never receive an EOF.
- Default is false
- type: boolean
- terminationMessagePath:
- description: |-
- Optional: Path at which the file to which the container's termination message
- will be written is mounted into the container's filesystem.
- Message written is intended to be brief final status, such as an assertion failure message.
- Will be truncated by the node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb.
- Defaults to /dev/termination-log.
- Cannot be updated.
- type: string
- terminationMessagePolicy:
- description: |-
- Indicate how the termination message should be populated. File will use the contents of
- terminationMessagePath to populate the container status message on both success and failure.
- FallbackToLogsOnError will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- Defaults to File.
- Cannot be updated.
- type: string
- tty:
- description: |-
- Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a
- raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: |-
- Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a
- Volume within a container.
- properties:
- mountPath:
- description: |-
- Path within the container at which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: |-
- mountPropagation determines how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is used.
- This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: |-
- Mounted read-only if true, read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: |-
- Path within the volume from which the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: |-
- Expanded path within the volume from which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
- Defaults to "" (volume's root).
- SubPathExpr and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: |-
- Container's working directory.
- If not specified, the container runtime's default will be used, which
- might be configured in the container image.
- Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- hostNetwork:
- description: |-
- Host networking requested for this pod. Use the host's network namespace.
- If this option is set, the ports that will be used must be specified.
- Default to false.
- type: boolean
- initContainers:
- description: |-
- List of initialization containers belonging to the pod.
- Init containers are executed in order prior to containers being started. If any
- init container fails, the pod is considered to have failed and is handled according
- to its restartPolicy. The name for an init container or normal container must be
- unique among all containers.
- Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken into account during scheduling
- by finding the highest request/limit for each resource type, and then using the max of
- of that value or the sum of the normal containers. Limits are applied to init containers
- in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- items:
- description: A single application container that you want
- to run within a pod.
- properties:
- args:
- description: |-
- Arguments to the entrypoint.
- The container image's CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- command:
- description: |-
- Entrypoint array. Not executed within a shell.
- The container image's ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- env:
- description: |-
- List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: |-
- List of sources to populate environment variables in the container.
- The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take precedence.
- Values defined by an Env with a duplicate key will take precedence.
- Cannot be updated.
- items:
- description: EnvFromSource represents the source of
- a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description: |-
- Container image name.
- More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management to default or override
- container images in workload controllers like Deployments and StatefulSets.
- type: string
- imagePullPolicy:
- description: |-
- Image pull policy.
- One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- type: string
- lifecycle:
- description: |-
- Actions that the management system should take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: |-
- PostStart is called immediately after a container is created. If the handler fails,
- the container is terminated and restarted according to its restart policy.
- Other management of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: |-
- PreStop is called immediately before a container is terminated due to an
- API request or management event such as liveness/startup probe failure,
- preemption, resource contention, etc. The handler is not called if the
- container crashes or exits. The Pod's termination grace period countdown begins before the
- PreStop hook is executed. Regardless of the outcome of the handler, the
- container will eventually terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other management of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: |-
- Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- name:
- description: |-
- Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: |-
- List of ports to expose from the container. Not specifying a port here
- DOES NOT prevent that port from being exposed. Any port which is
- listening on the default "0.0.0.0" address inside a container will be
- accessible from the network.
- Modifying this array with strategic merge patch may corrupt the data.
- For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port
- in a single container.
- properties:
- containerPort:
- description: |-
- Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: |-
- Number of port to expose on the host.
- If specified, this must be a valid port number, 0 < x < 65536.
- If HostNetwork is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: |-
- If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
- named port in a pod must have a unique name. Name for the port that can be
- referred to by services.
- type: string
- protocol:
- default: TCP
- description: |-
- Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: |-
- Periodic probe of container service readiness.
- Container will be removed from service endpoints if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: |-
- Name of the resource to which this resource resize policy applies.
- Supported values: cpu, memory.
- type: string
- restartPolicy:
- description: |-
- Restart policy to apply when specified resource is resized.
- If not specified, it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: |-
- Compute Resources required by this container.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
-
-
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
-
-
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- restartPolicy:
- description: |-
- RestartPolicy defines the restart behavior of individual containers in a pod.
- This field may only be set for init containers, and the only allowed value is "Always".
- For non-init containers or when this field is not specified,
- the restart behavior is defined by the Pod's restart policy and the container type.
- Setting the RestartPolicy as "Always" for the init container will have the following effect:
- this init container will be continually restarted on
- exit until all regular containers have terminated. Once all regular
- containers have completed, all init containers with restartPolicy "Always"
- will be shut down. This lifecycle differs from normal init containers and
- is often referred to as a "sidecar" container. Although this init
- container still starts in the init container sequence, it does not wait
- for the container to complete before proceeding to the next init
- container. Instead, the next init container starts immediately after this
- init container is started, or after any startupProbe has successfully
- completed.
- type: string
- securityContext:
- description: |-
- SecurityContext defines the security options the container should be run with.
- If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- properties:
- allowPrivilegeEscalation:
- description: |-
- AllowPrivilegeEscalation controls whether a process can gain more
- privileges than its parent process. This bool directly controls if
- the no_new_privs flag will be set on the container process.
- AllowPrivilegeEscalation is true always when the container is:
- 1) run as Privileged
- 2) has CAP_SYS_ADMIN
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- capabilities:
- description: |-
- The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the container runtime.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: |-
- Run container in privileged mode.
- Processes in privileged containers are essentially equivalent to root on the host.
- Defaults to false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: |-
- procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
- readonly paths and masked paths.
- This requires the ProcMountType feature flag to be enabled.
- Note that this field cannot be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: |-
- Whether this container has a read-only root filesystem.
- Default is false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: |-
- The GID to run the entrypoint of the container process.
- Uses runtime default if unset.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: |-
- Indicates that the container must run as a non-root user.
- If true, the Kubelet will validate the image at runtime to ensure that it
- does not run as UID 0 (root) and fail to start the container if it does.
- If unset or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: |-
- The UID to run the entrypoint of the container process.
- Defaults to user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: |-
- The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random SELinux context for each
- container. May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: |-
- The seccomp options to use by this container. If seccomp options are
- provided at both the pod & container level, the container options
- override the pod options.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: |-
- localhostProfile indicates a profile defined in a file on the node should be used.
- The profile must be preconfigured on the node to work.
- Must be a descending path, relative to the kubelet's configured seccomp profile location.
- Must be set if type is "Localhost". Must NOT be set for any other type.
- type: string
- type:
- description: |-
- type indicates which kind of seccomp profile will be applied.
- Valid options are:
-
-
- Localhost - a profile defined in a file on the node should be used.
- RuntimeDefault - the container runtime default profile should be used.
- Unconfined - no profile should be applied.
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: |-
- The Windows specific settings applied to all containers.
- If unspecified, the options from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: |-
- GMSACredentialSpec is where the GMSA admission webhook
- (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
- GMSA credential spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: |-
- HostProcess determines if a container should be run as a 'Host Process' container.
- All of a Pod's containers must have the same effective HostProcess value
- (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
- In addition, if HostProcess is true then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: |-
- The UserName in Windows to run the entrypoint of the container process.
- Defaults to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: |-
- StartupProbe indicates that the Pod has successfully initialized.
- If specified, no other probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- when it might take a long time to load data or warm a cache, than during steady-state operation.
- This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- stdin:
- description: |-
- Whether this container should allocate a buffer for stdin in the container runtime. If this
- is not set, reads from stdin in the container will always result in EOF.
- Default is false.
- type: boolean
- stdinOnce:
- description: |-
- Whether the container runtime should close the stdin channel after it has been opened by
- a single attach. When stdin is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container is restarted. If this
- flag is false, a container processes that reads from stdin will never receive an EOF.
- Default is false
- type: boolean
- terminationMessagePath:
- description: |-
- Optional: Path at which the file to which the container's termination message
- will be written is mounted into the container's filesystem.
- Message written is intended to be brief final status, such as an assertion failure message.
- Will be truncated by the node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb.
- Defaults to /dev/termination-log.
- Cannot be updated.
- type: string
- terminationMessagePolicy:
- description: |-
- Indicate how the termination message should be populated. File will use the contents of
- terminationMessagePath to populate the container status message on both success and failure.
- FallbackToLogsOnError will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- Defaults to File.
- Cannot be updated.
- type: string
- tty:
- description: |-
- Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a
- raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: |-
- Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a
- Volume within a container.
- properties:
- mountPath:
- description: |-
- Path within the container at which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: |-
- mountPropagation determines how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is used.
- This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: |-
- Mounted read-only if true, read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: |-
- Path within the volume from which the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: |-
- Expanded path within the volume from which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
- Defaults to "" (volume's root).
- SubPathExpr and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: |-
- Container's working directory.
- If not specified, the container runtime's default will be used, which
- might be configured in the container image.
- Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- volumes:
- description: |-
- List of volumes that can be mounted by containers belonging to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes
- items:
- description: Volume represents a named volume in a pod that
- may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: |-
- awsElasticBlockStore represents an AWS Disk resource that is attached to a
- kubelet's host machine and then exposed to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- properties:
- fsType:
- description: |-
- fsType is the filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- partition:
- description: |-
- partition is the partition in the volume that you want to mount.
- If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition as "1".
- Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- format: int32
- type: integer
- readOnly:
- description: |-
- readOnly value true will force the readOnly setting in VolumeMounts.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- type: boolean
- volumeID:
- description: |-
- volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data Disk
- mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'cachingMode is the Host Caching mode:
- None, Read Only, Read Write.'
- type: string
- diskName:
- description: diskName is the Name of the data disk
- in the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk in
- the blob storage
- type: string
- fsType:
- description: |-
- fsType is Filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'kind expected values are Shared: multiple
- blob disks per storage account Dedicated: single
- blob disk per storage account Managed: azure
- managed data disk (only in managed availability
- set). defaults to shared'
- type: string
- readOnly:
- description: |-
- readOnly Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File Service
- mount on the host and bind mount to the pod.
- properties:
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret that
- contains Azure Storage Account Name and Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on the
- host that shares a pod's lifetime
- properties:
- monitors:
- description: |-
- monitors is Required: Monitors is a collection of Ceph monitors
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- items:
- type: string
- type: array
- path:
- description: 'path is Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
- type: string
- readOnly:
- description: |-
- readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- type: boolean
- secretFile:
- description: |-
- secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- type: string
- secretRef:
- description: |-
- secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: |-
- user is optional: User is the rados user name, default is admin
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: |-
- cinder represents a cinder volume attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- type: string
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- type: boolean
- secretRef:
- description: |-
- secretRef is optional: points to a secret object containing parameters used to connect
- to OpenStack.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: |-
- volumeID used to identify the volume in cinder.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that should
- populate this volume
- properties:
- defaultMode:
- description: |-
- defaultMode is optional: mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- items:
- description: |-
- items if unspecified, each key-value pair in the Data field of the referenced
- ConfigMap will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the ConfigMap,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: |-
- driver is the name of the CSI driver that handles this volume.
- Consult with your admin for the correct name as registered in the cluster.
- type: string
- fsType:
- description: |-
- fsType to mount. Ex. "ext4", "xfs", "ntfs".
- If not provided, the empty value is passed to the associated CSI driver
- which will determine the default filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: |-
- nodePublishSecretRef is a reference to the secret object containing
- sensitive information to pass to the CSI driver to complete the CSI
- NodePublishVolume and NodeUnpublishVolume calls.
- This field is optional, and may be empty if no secret is required. If the
- secret object contains more than one secret, all secret references are passed.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: |-
- readOnly specifies a read-only configuration for the volume.
- Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: |-
- volumeAttributes stores driver-specific properties that are passed to the CSI
- driver. Consult your driver's documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API about
- the pod that should populate this volume
- properties:
- defaultMode:
- description: |-
- Optional: mode bits to use on created files by default. Must be a
- Optional: mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing the
- pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of
- the pod: only annotations, labels, name
- and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: |-
- Optional: mode bits used to set permissions on this file, must be an octal value
- between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created. Must
- not be absolute or contain the ''..'' path.
- Must be utf-8 encoded. The first item of
- the relative path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: |-
- emptyDir represents a temporary directory that shares a pod's lifetime.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- properties:
- medium:
- description: |-
- medium represents what type of storage medium should back this directory.
- The default is "" which means to use the node's default medium.
- Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: |-
- sizeLimit is the total amount of local storage required for this EmptyDir volume.
- The size limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir would be the minimum value between
- the SizeLimit specified here and the sum of memory limits of all containers in a pod.
- The default is nil which means that the limit is undefined.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: |-
- ephemeral represents a volume that is handled by a cluster storage driver.
- The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
- and deleted when the pod is removed.
-
-
- Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from snapshot or capacity
- tracking are needed,
- c) the storage driver is specified through a storage class, and
- d) the storage driver supports dynamic volume provisioning through
- a PersistentVolumeClaim (see EphemeralVolumeSource for more
- information on the connection between this volume type
- and PersistentVolumeClaim).
-
-
- Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than the lifecycle
- of an individual pod.
-
-
- Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
- be used that way - see the documentation of the driver for
- more information.
-
-
- A pod can use both types of ephemeral volumes and
- persistent volumes at the same time.
- properties:
- volumeClaimTemplate:
- description: |-
- Will be used to create a stand-alone PVC to provision the volume.
- The pod in which this EphemeralVolumeSource is embedded will be the
- owner of the PVC, i.e. the PVC will be deleted together with the
- pod. The name of the PVC will be `<pod name>-<volume name>` where
- `<volume name>` is the name from the `PodSpec.Volumes` array
- entry. Pod validation will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
-
-
- An existing PVC with that name that is not owned by the pod
- will *not* be used for the pod to avoid using an unrelated
- volume by mistake. Starting the pod is then blocked until
- the unrelated PVC is removed. If such a pre-created PVC is
- meant to be used by the pod, the PVC has to updated with an
- owner reference to the pod once the pod exists. Normally
- this should not be necessary, but it may be useful when
- manually reconstructing a broken cluster.
-
-
- This field is read-only and no changes will be made by Kubernetes
- to the PVC after it has been created.
-
-
- Required, must not be nil.
- properties:
- metadata:
- description: |-
- May contain labels and annotations that will be copied into the PVC
- when creating it. No other fields are allowed and will be rejected during
- validation.
- type: object
- spec:
- description: |-
- The specification for the PersistentVolumeClaim. The entire content is
- copied unchanged into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: |-
- accessModes contains the desired access modes the volume should have.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- items:
- type: string
- type: array
- dataSource:
- description: |-
- dataSource field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external controller can support the specified data source,
- it will create a new volume based on the contents of the specified data source.
- When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
- and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
- If the namespace is specified, then dataSourceRef will not be copied to dataSource.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: |-
- dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty API group (non
- core object) or a PersistentVolumeClaim object.
- When this field is specified, volume binding will only succeed if the type of
- the specified object matches some installed volume populator or dynamic
- provisioner.
- This field will replace the functionality of the dataSource field and as such
- if both fields are non-empty, they must have the same value. For backwards
- compatibility, when namespace isn't specified in dataSourceRef,
- both fields (dataSource and dataSourceRef) will be set to the same
- value automatically if one of them is empty and the other is non-empty.
- When namespace is specified in dataSourceRef,
- dataSource isn't set to the same value and must be empty.
- There are three important differences between dataSource and dataSourceRef:
- * While dataSource only allows two specific types of objects, dataSourceRef
- allows any non-core object, as well as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed values (dropping them), dataSourceRef
- preserves all values, and generates an error if a disallowed value is
- specified.
- * While dataSource only allows local objects, dataSourceRef allows objects
- in any namespaces.
- (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
- (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- namespace:
- description: |-
- Namespace is the namespace of resource being referenced
- Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: |-
- resources represents the minimum resources the volume should have.
- If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
- that are lower than previous value but must still be higher than capacity recorded in the
- status field of the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- selector:
- description: selector is a label query over
- volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: |-
- storageClassName is the name of the StorageClass required by the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- type: string
- volumeAttributesClassName:
- description: |-
- volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
- If specified, the CSI driver will create or update the volume with the attributes defined
- in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
- it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
- will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
- If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
- will be set by the persistentvolume controller if it exists.
- If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
- set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
- exists.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
- (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
- type: string
- volumeMode:
- description: |-
- volumeMode defines what type of volume is required by the claim.
- Value of Filesystem is implied when not included in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding reference
- to the PersistentVolume backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource
- that is attached to a kubelet's host machine and then
- exposed to the pod.
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- lun:
- description: 'lun is Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: |-
- readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- targetWWNs:
- description: 'targetWWNs is Optional: FC target
- worldwide names (WWNs)'
- items:
- type: string
- type: array
- wwids:
- description: |-
- wwids Optional: FC volume world wide identifiers (wwids)
- Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: |-
- flexVolume represents a generic volume resource that is
- provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver to
- use for this volume.
- type: string
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: 'options is Optional: this field holds
- extra command options if any.'
- type: object
- readOnly:
- description: |-
- readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: |-
- secretRef is Optional: secretRef is reference to the secret object containing
- sensitive information to pass to the plugin scripts. This may be
- empty if no secret object is specified. If the secret object
- contains more than one secret, all secrets are passed to the plugin
- scripts.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume attached
- to a kubelet's host machine. This depends on the Flocker
- control service being running
- properties:
- datasetName:
- description: |-
- datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
- should be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the dataset.
- This is unique identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: |-
- gcePersistentDisk represents a GCE Disk resource that is attached to a
- kubelet's host machine and then exposed to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- properties:
- fsType:
- description: |-
- fsType is filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- partition:
- description: |-
- partition is the partition in the volume that you want to mount.
- If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition as "1".
- Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- format: int32
- type: integer
- pdName:
- description: |-
- pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- type: string
- readOnly:
- description: |-
- readOnly here will force the ReadOnly setting in VolumeMounts.
- Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: |-
- gitRepo represents a git repository at a particular revision.
- DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
- EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
- into the Pod's container.
- properties:
- directory:
- description: |-
- directory is the target directory name.
- Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
- git repository. Otherwise, if specified, the volume will contain the git repository in
- the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for the
- specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: |-
- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md
- properties:
- endpoints:
- description: |-
- endpoints is the endpoint name that details Glusterfs topology.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- type: string
- path:
- description: |-
- path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- type: string
- readOnly:
- description: |-
- readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- Defaults to false.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: |-
- hostPath represents a pre-existing file or directory on the host
- machine that is directly exposed to the container. This is generally
- used for system agents or other privileged things that are allowed
- to see the host machine. Most containers will NOT need this.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- ---
- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- mount host directories as read/write.
- properties:
- path:
- description: |-
- path of the directory on the host.
- If the path is a symlink, it will follow the link to the real path.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type: string
- type:
- description: |-
- type for HostPath Volume
- Defaults to ""
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type: string
- required:
- - path
- type: object
- iscsi:
- description: |-
- iscsi represents an ISCSI Disk resource that is attached to a
- kubelet's host machine and then exposed to the pod.
- More info: https://examples.k8s.io/volumes/iscsi/README.md
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether support
- iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether support
- iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: |-
- fsType is the filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- initiatorName:
- description: |-
- initiatorName is the custom iSCSI Initiator Name.
- If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- <target portal>:<volume name> will be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: |-
- iscsiInterface is the interface Name that uses an iSCSI transport.
- Defaults to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: |-
- portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: |-
- readOnly here will force the ReadOnly setting in VolumeMounts.
- Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for iSCSI
- target and initiator authentication
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: |-
- targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: |-
- name of the volume.
- Must be a DNS_LABEL and unique within the pod.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- nfs:
- description: |-
- nfs represents an NFS mount on the host that shares a pod's lifetime
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- properties:
- path:
- description: |-
- path that is exported by the NFS server.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- type: string
- readOnly:
- description: |-
- readOnly here will force the NFS export to be mounted with read-only permissions.
- Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- type: boolean
- server:
- description: |-
- server is the hostname or IP address of the NFS server.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: |-
- persistentVolumeClaimVolumeSource represents a reference to a
- PersistentVolumeClaim in the same namespace.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- properties:
- claimName:
- description: |-
- claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- type: string
- readOnly:
- description: |-
- readOnly Will force the ReadOnly setting in VolumeMounts.
- Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies Photon
- Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx volume
- attached and mounted on kubelets host machine
- properties:
- fsType:
- description: |-
- fSType represents the filesystem type to mount
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a Portworx
- volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources
- secrets, configmaps, and downward API
- properties:
- defaultMode:
- description: |-
- defaultMode are the mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- clusterTrustBundle:
- description: |-
- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
- of ClusterTrustBundle objects in an auto-updating file.
-
-
- Alpha, gated by the ClusterTrustBundleProjection feature gate.
-
-
- ClusterTrustBundle objects can either be selected by name, or by the
- combination of signer name and a label selector.
-
-
- Kubelet performs aggressive normalization of the PEM contents written
- into the pod filesystem. Esoteric PEM features such as inter-block
- comments and block headers are stripped. Certificates are deduplicated.
- The ordering of certificates within the file is arbitrary, and Kubelet
- may change the order over time.
- properties:
- labelSelector:
- description: |-
- Select all ClusterTrustBundles that match this label selector. Only has
- effect if signerName is set. Mutually-exclusive with name. If unset,
- interpreted as "match nothing". If set but empty, interpreted as "match
- everything".
- properties:
- matchExpressions:
- description: matchExpressions is a
- list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- name:
- description: |-
- Select a single ClusterTrustBundle by object name. Mutually-exclusive
- with signerName and labelSelector.
- type: string
- optional:
- description: |-
- If true, don't block pod startup if the referenced ClusterTrustBundle(s)
- aren't available. If using name, then the named ClusterTrustBundle is
- allowed not to exist. If using signerName, then the combination of
- signerName and labelSelector is allowed to match zero
- ClusterTrustBundles.
- type: boolean
- path:
- description: Relative path from the volume
- root to write the bundle.
- type: string
- signerName:
- description: |-
- Select all ClusterTrustBundles that match this signer name.
- Mutually-exclusive with name. The contents of all selected
- ClusterTrustBundles will be unified and deduplicated.
- type: string
- required:
- - path
- type: object
- configMap:
- description: configMap information about the
- configMap data to project
- properties:
- items:
- description: |-
- items if unspecified, each key-value pair in the Data field of the referenced
- ConfigMap will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the ConfigMap,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a
- path within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: optional specify whether
- the ConfigMap or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about
- the downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: 'Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace are
- supported.'
- properties:
- apiVersion:
- description: Version of the
- schema the FieldPath is written
- in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field
- to select in the specified
- API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: |-
- Optional: mode bits used to set permissions on this file, must be an octal value
- between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: 'Required: Path is the
- relative path name of the file
- to be created. Must not be absolute
- or contain the ''..'' path. Must
- be utf-8 encoded. The first item
- of the relative path must not
- start with ''..'''
- type: string
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
- properties:
- containerName:
- description: 'Container name:
- required for volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about the
- secret data to project
- properties:
- items:
- description: |-
- items if unspecified, each key-value pair in the Data field of the referenced
- Secret will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the Secret,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a
- path within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: optional field specify whether
- the Secret or its key must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to project
- properties:
- audience:
- description: |-
- audience is the intended audience of the token. A recipient of a token
- must identify itself with an identifier specified in the audience of the
- token, and otherwise should reject the token. The audience defaults to the
- identifier of the apiserver.
- type: string
- expirationSeconds:
- description: |-
- expirationSeconds is the requested duration of validity of the service
- account token. As the token approaches expiration, the kubelet volume
- plugin will proactively rotate the service account token. The kubelet will
- start trying to rotate the token if the token is older than 80 percent of
- its time to live or if the token is older than 24 hours.Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: |-
- path is the path relative to the mount point of the file to project the
- token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount on the
- host that shares a pod's lifetime
- properties:
- group:
- description: |-
- group to map volume access to
- Default is no group
- type: string
- readOnly:
- description: |-
- readOnly here will force the Quobyte volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: |-
- registry represents a single or multiple Quobyte Registry services
- specified as a string as host:port pair (multiple entries are separated with commas)
- which acts as the central registry for volumes
- type: string
- tenant:
- description: |-
- tenant owning the given Quobyte volume in the Backend
- Used with dynamically provisioned Quobyte volumes, value is set by the plugin
- type: string
- user:
- description: |-
- user to map volume access to
- Defaults to serivceaccount user
- type: string
- volume:
- description: volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: |-
- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md
- properties:
- fsType:
- description: |-
- fsType is the filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- image:
- description: |-
- image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- keyring:
- description: |-
- keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- monitors:
- description: |-
- monitors is a collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- items:
- type: string
- type: array
- pool:
- description: |-
- pool is the rados pool name.
- Default is rbd.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- readOnly:
- description: |-
- readOnly here will force the ReadOnly setting in VolumeMounts.
- Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: boolean
- secretRef:
- description: |-
- secretRef is name of the authentication secret for RBDUser. If provided
- overrides keyring.
- Default is nil.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: |-
- user is the rados user name.
- Default is admin.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of the
- ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of the
- ScaleIO Protection Domain for the configured storage.
- type: string
- readOnly:
- description: |-
- readOnly Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: |-
- secretRef references to the secret for ScaleIO user and other
- sensitive information. If this is not provided, Login operation will fail.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable SSL
- communication with Gateway, default false
- type: boolean
- storageMode:
- description: |-
- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage
- Pool associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage system
- as configured in ScaleIO.
- type: string
- volumeName:
- description: |-
- volumeName is the name of a volume already created in the ScaleIO system
- that is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: |-
- secret represents a secret that should populate this volume.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- properties:
- defaultMode:
- description: |-
- defaultMode is Optional: mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values
- for mode bits. Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- items:
- description: |-
- items If unspecified, each key-value pair in the Data field of the referenced
- Secret will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the Secret,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether the
- Secret or its keys must be defined
- type: boolean
- secretName:
- description: |-
- secretName is the name of the secret in the pod's namespace to use.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: |-
- secretRef specifies the secret to use for obtaining the StorageOS API
- credentials. If not specified, default values will be attempted.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: |-
- volumeName is the human-readable name of the StorageOS volume. Volume
- names are only unique within a namespace.
- type: string
- volumeNamespace:
- description: |-
- volumeNamespace specifies the scope of the volume within StorageOS. If no
- namespace is specified then the Pod's namespace will be used. This allows the
- Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- Set VolumeName to any name to override the default behaviour.
- Set to "default" if you are not using namespaces within StorageOS.
- Namespaces that do not pre-exist within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere volume
- attached and mounted on kubelets host machine
- properties:
- fsType:
- description: |-
- fsType is filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage Policy
- Based Management (SPBM) profile ID associated
- with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage Policy
- Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- required:
- - containers
- type: object
- type: object
- required:
- - networkController
- - switchTemplate
- type: object
- status:
- description: NetworkEdgeDeviceStatus defines the observed state of NetworkEdgeDevice
- properties:
- availability:
- default: Unavailable
- description: Status of the overlay. Is available when switches are
- connected between them and with the network Controller.
- enum:
- - Available
- - Unavailable
- - Unknown
- type: string
- connectedNeighbors:
- items:
- properties:
- domain:
- description: |-
- Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
- is going to be deployed at.
- type: string
- node:
- description: Name of the cluster the link is going to be made
- upon.
- type: string
- required:
- - domain
- - node
- type: object
- type: array
- openflowId:
- type: string
- required:
- - availability
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.14.0
- name: overlays.l2sm.l2sm.k8s.local
-spec:
- group: l2sm.l2sm.k8s.local
- names:
- kind: Overlay
- listKind: OverlayList
- plural: overlays
- singular: overlay
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: Overlay is the Schema for the overlays API
- properties:
- apiVersion:
- description: |-
- APIVersion defines the versioned schema of this representation of an object.
- Servers should convert recognized schemas to the latest internal value, and
- may reject unrecognized values.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- type: string
- kind:
- description: |-
- Kind is a string value representing the REST resource this object represents.
- Servers may infer this from the endpoint the client submits requests to.
- Cannot be updated.
- In CamelCase.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- type: string
- metadata:
- type: object
- spec:
- description: OverlaySpec defines the desired state of Overlay
- properties:
- neighbors:
- description: Field exclusive to the multi-domain overlay type. If
- specified in other types of overlays, the reosurce will launch
- an error and won't be created.
- items:
- properties:
- domain:
- description: |-
- Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
- is going to be deployed at.
- type: string
- node:
- description: Name of the cluster the link is going to be made
- upon.
- type: string
- required:
- - domain
- - node
- type: object
- type: array
- networkController:
- description: The SDN Controller that manages the overlay network.
- Must specify a domain and a name.
- properties:
- domain:
- description: Domain where the controller can be reached at. Must
- be a valid IP Address or Domain name, reachable from all the
- nodes where the switches are deployed at.
- type: string
- name:
- description: Name of the Network controller
- type: string
- required:
- - domain
- - name
- type: object
- switchTemplate:
- description: Template describes the virtual switch pod that will be
- created.
- properties:
- metadata:
- description: |-
- Standard object's metadata.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
- type: object
- spec:
- description: |-
- Specification of the desired behavior of the pod.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- properties:
- containers:
- description: |-
- List of containers belonging to the pod.
- Containers cannot currently be added or removed.
- There must be at least one container in a Pod.
- Cannot be updated.
- items:
- description: A single application container that you want
- to run within a pod.
- properties:
- args:
- description: |-
- Arguments to the entrypoint.
- The container image's CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- command:
- description: |-
- Entrypoint array. Not executed within a shell.
- The container image's ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- env:
- description: |-
- List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: |-
- List of sources to populate environment variables in the container.
- The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take precedence.
- Values defined by an Env with a duplicate key will take precedence.
- Cannot be updated.
- items:
- description: EnvFromSource represents the source of
- a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description: |-
- Container image name.
- More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management to default or override
- container images in workload controllers like Deployments and StatefulSets.
- type: string
- imagePullPolicy:
- description: |-
- Image pull policy.
- One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- type: string
- lifecycle:
- description: |-
- Actions that the management system should take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: |-
- PostStart is called immediately after a container is created. If the handler fails,
- the container is terminated and restarted according to its restart policy.
- Other management of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: |-
- PreStop is called immediately before a container is terminated due to an
- API request or management event such as liveness/startup probe failure,
- preemption, resource contention, etc. The handler is not called if the
- container crashes or exits. The Pod's termination grace period countdown begins before the
- PreStop hook is executed. Regardless of the outcome of the handler, the
- container will eventually terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other management of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: |-
- Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- name:
- description: |-
- Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: |-
- List of ports to expose from the container. Not specifying a port here
- DOES NOT prevent that port from being exposed. Any port which is
- listening on the default "0.0.0.0" address inside a container will be
- accessible from the network.
- Modifying this array with strategic merge patch may corrupt the data.
- For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port
- in a single container.
- properties:
- containerPort:
- description: |-
- Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: |-
- Number of port to expose on the host.
- If specified, this must be a valid port number, 0 < x < 65536.
- If HostNetwork is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: |-
- If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
- named port in a pod must have a unique name. Name for the port that can be
- referred to by services.
- type: string
- protocol:
- default: TCP
- description: |-
- Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: |-
- Periodic probe of container service readiness.
- Container will be removed from service endpoints if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: |-
- Name of the resource to which this resource resize policy applies.
- Supported values: cpu, memory.
- type: string
- restartPolicy:
- description: |-
- Restart policy to apply when specified resource is resized.
- If not specified, it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: |-
- Compute Resources required by this container.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
-
-
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
-
-
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- restartPolicy:
- description: |-
- RestartPolicy defines the restart behavior of individual containers in a pod.
- This field may only be set for init containers, and the only allowed value is "Always".
- For non-init containers or when this field is not specified,
- the restart behavior is defined by the Pod's restart policy and the container type.
- Setting the RestartPolicy as "Always" for the init container will have the following effect:
- this init container will be continually restarted on
- exit until all regular containers have terminated. Once all regular
- containers have completed, all init containers with restartPolicy "Always"
- will be shut down. This lifecycle differs from normal init containers and
- is often referred to as a "sidecar" container. Although this init
- container still starts in the init container sequence, it does not wait
- for the container to complete before proceeding to the next init
- container. Instead, the next init container starts immediately after this
- init container is started, or after any startupProbe has successfully
- completed.
- type: string
- securityContext:
- description: |-
- SecurityContext defines the security options the container should be run with.
- If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- properties:
- allowPrivilegeEscalation:
- description: |-
- AllowPrivilegeEscalation controls whether a process can gain more
- privileges than its parent process. This bool directly controls if
- the no_new_privs flag will be set on the container process.
- AllowPrivilegeEscalation is true always when the container is:
- 1) run as Privileged
- 2) has CAP_SYS_ADMIN
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- capabilities:
- description: |-
- The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the container runtime.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: |-
- Run container in privileged mode.
- Processes in privileged containers are essentially equivalent to root on the host.
- Defaults to false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: |-
- procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
- readonly paths and masked paths.
- This requires the ProcMountType feature flag to be enabled.
- Note that this field cannot be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: |-
- Whether this container has a read-only root filesystem.
- Default is false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: |-
- The GID to run the entrypoint of the container process.
- Uses runtime default if unset.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: |-
- Indicates that the container must run as a non-root user.
- If true, the Kubelet will validate the image at runtime to ensure that it
- does not run as UID 0 (root) and fail to start the container if it does.
- If unset or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: |-
- The UID to run the entrypoint of the container process.
- Defaults to user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: |-
- The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random SELinux context for each
- container. May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: |-
- The seccomp options to use by this container. If seccomp options are
- provided at both the pod & container level, the container options
- override the pod options.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: |-
- localhostProfile indicates a profile defined in a file on the node should be used.
- The profile must be preconfigured on the node to work.
- Must be a descending path, relative to the kubelet's configured seccomp profile location.
- Must be set if type is "Localhost". Must NOT be set for any other type.
- type: string
- type:
- description: |-
- type indicates which kind of seccomp profile will be applied.
- Valid options are:
-
-
- Localhost - a profile defined in a file on the node should be used.
- RuntimeDefault - the container runtime default profile should be used.
- Unconfined - no profile should be applied.
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: |-
- The Windows specific settings applied to all containers.
- If unspecified, the options from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: |-
- GMSACredentialSpec is where the GMSA admission webhook
- (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
- GMSA credential spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: |-
- HostProcess determines if a container should be run as a 'Host Process' container.
- All of a Pod's containers must have the same effective HostProcess value
- (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
- In addition, if HostProcess is true then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: |-
- The UserName in Windows to run the entrypoint of the container process.
- Defaults to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: |-
- StartupProbe indicates that the Pod has successfully initialized.
- If specified, no other probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- when it might take a long time to load data or warm a cache, than during steady-state operation.
- This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- stdin:
- description: |-
- Whether this container should allocate a buffer for stdin in the container runtime. If this
- is not set, reads from stdin in the container will always result in EOF.
- Default is false.
- type: boolean
- stdinOnce:
- description: |-
- Whether the container runtime should close the stdin channel after it has been opened by
- a single attach. When stdin is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container is restarted. If this
- flag is false, a container processes that reads from stdin will never receive an EOF.
- Default is false
- type: boolean
- terminationMessagePath:
- description: |-
- Optional: Path at which the file to which the container's termination message
- will be written is mounted into the container's filesystem.
- Message written is intended to be brief final status, such as an assertion failure message.
- Will be truncated by the node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb.
- Defaults to /dev/termination-log.
- Cannot be updated.
- type: string
- terminationMessagePolicy:
- description: |-
- Indicate how the termination message should be populated. File will use the contents of
- terminationMessagePath to populate the container status message on both success and failure.
- FallbackToLogsOnError will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- Defaults to File.
- Cannot be updated.
- type: string
- tty:
- description: |-
- Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a
- raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: |-
- Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a
- Volume within a container.
- properties:
- mountPath:
- description: |-
- Path within the container at which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: |-
- mountPropagation determines how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is used.
- This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: |-
- Mounted read-only if true, read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: |-
- Path within the volume from which the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: |-
- Expanded path within the volume from which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
- Defaults to "" (volume's root).
- SubPathExpr and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: |-
- Container's working directory.
- If not specified, the container runtime's default will be used, which
- might be configured in the container image.
- Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- hostNetwork:
- description: |-
- Host networking requested for this pod. Use the host's network namespace.
- If this option is set, the ports that will be used must be specified.
- Default to false.
- type: boolean
- initContainers:
- description: |-
- List of initialization containers belonging to the pod.
- Init containers are executed in order prior to containers being started. If any
- init container fails, the pod is considered to have failed and is handled according
- to its restartPolicy. The name for an init container or normal container must be
- unique among all containers.
- Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
- The resourceRequirements of an init container are taken into account during scheduling
- by finding the highest request/limit for each resource type, and then using the max of
- of that value or the sum of the normal containers. Limits are applied to init containers
- in a similar fashion.
- Init containers cannot currently be added or removed.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
- items:
- description: A single application container that you want
- to run within a pod.
- properties:
- args:
- description: |-
- Arguments to the entrypoint.
- The container image's CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- command:
- description: |-
- Entrypoint array. Not executed within a shell.
- The container image's ENTRYPOINT is used if this is not provided.
- Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
- cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
- of whether the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
- items:
- type: string
- type: array
- env:
- description: |-
- List of environment variables to set in the container.
- Cannot be updated.
- items:
- description: EnvVar represents an environment variable
- present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: |-
- Variable references $(VAR_NAME) are expanded
- using the previously defined environment variables in the container and
- any service environment variables. If a variable cannot be resolved,
- the reference in the input string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded, regardless of whether the variable
- exists or not.
- Defaults to "".
- type: string
- valueFrom:
- description: Source for the environment variable's
- value. Cannot be used if value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: |-
- Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
- spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret in
- the pod's namespace
- properties:
- key:
- description: The key of the secret to
- select from. Must be a valid secret
- key.
- type: string
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret
- or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: |-
- List of sources to populate environment variables in the container.
- The keys defined within a source must be a C_IDENTIFIER. All invalid keys
- will be reported as an event when the container is starting. When a key exists in multiple
- sources, the value associated with the last source will take precedence.
- Values defined by an Env with a duplicate key will take precedence.
- Cannot be updated.
- items:
- description: EnvFromSource represents the source of
- a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to prepend
- to each key in the ConfigMap. Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: Specify whether the Secret must
- be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description: |-
- Container image name.
- More info: https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level config management to default or override
- container images in workload controllers like Deployments and StatefulSets.
- type: string
- imagePullPolicy:
- description: |-
- Image pull policy.
- One of Always, Never, IfNotPresent.
- Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
- type: string
- lifecycle:
- description: |-
- Actions that the management system should take in response to container lifecycle events.
- Cannot be updated.
- properties:
- postStart:
- description: |-
- PostStart is called immediately after a container is created. If the handler fails,
- the container is terminated and restarted according to its restart policy.
- Other management of the container blocks until the hook completes.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: |-
- PreStop is called immediately before a container is terminated due to an
- API request or management event such as liveness/startup probe failure,
- preemption, resource contention, etc. The handler is not called if the
- container crashes or exits. The Pod's termination grace period countdown begins before the
- PreStop hook is executed. Regardless of the outcome of the handler, the
- container will eventually terminate within the Pod's termination grace
- period (unless delayed by finalizers). Other management of the container blocks until the hook completes
- or until the termination grace period is reached.
- More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the
- request. HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- sleep:
- description: Sleep represents the duration that
- the container should sleep before being terminated.
- properties:
- seconds:
- description: Seconds is the number of seconds
- to sleep.
- format: int64
- type: integer
- required:
- - seconds
- type: object
- tcpSocket:
- description: |-
- Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
- for the backward compatibility. There are no validation of this field and
- lifecycle hooks will fail in runtime when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: |-
- Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- name:
- description: |-
- Name of the container specified as a DNS_LABEL.
- Each container in a pod must have a unique name (DNS_LABEL).
- Cannot be updated.
- type: string
- ports:
- description: |-
- List of ports to expose from the container. Not specifying a port here
- DOES NOT prevent that port from being exposed. Any port which is
- listening on the default "0.0.0.0" address inside a container will be
- accessible from the network.
- Modifying this array with strategic merge patch may corrupt the data.
- For more information See https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network port
- in a single container.
- properties:
- containerPort:
- description: |-
- Number of port to expose on the pod's IP address.
- This must be a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the external
- port to.
- type: string
- hostPort:
- description: |-
- Number of port to expose on the host.
- If specified, this must be a valid port number, 0 < x < 65536.
- If HostNetwork is specified, this must match ContainerPort.
- Most containers do not need this.
- format: int32
- type: integer
- name:
- description: |-
- If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
- named port in a pod must have a unique name. Name for the port that can be
- referred to by services.
- type: string
- protocol:
- default: TCP
- description: |-
- Protocol for port. Must be UDP, TCP, or SCTP.
- Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: |-
- Periodic probe of container service readiness.
- Container will be removed from service endpoints if the probe fails.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- resizePolicy:
- description: Resources resize policy for the container.
- items:
- description: ContainerResizePolicy represents resource
- resize policy for the container.
- properties:
- resourceName:
- description: |-
- Name of the resource to which this resource resize policy applies.
- Supported values: cpu, memory.
- type: string
- restartPolicy:
- description: |-
- Restart policy to apply when specified resource is resized.
- If not specified, it defaults to NotRequired.
- type: string
- required:
- - resourceName
- - restartPolicy
- type: object
- type: array
- x-kubernetes-list-type: atomic
- resources:
- description: |-
- Compute Resources required by this container.
- Cannot be updated.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- properties:
- claims:
- description: |-
- Claims lists the names of resources, defined in spec.resourceClaims,
- that are used by this container.
-
-
- This is an alpha field and requires enabling the
- DynamicResourceAllocation feature gate.
-
-
- This field is immutable. It can only be set for containers.
- items:
- description: ResourceClaim references one entry
- in PodSpec.ResourceClaims.
- properties:
- name:
- description: |-
- Name must match the name of one entry in pod.spec.resourceClaims of
- the Pod where this field is used. It makes that resource available
- inside a container.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- restartPolicy:
- description: |-
- RestartPolicy defines the restart behavior of individual containers in a pod.
- This field may only be set for init containers, and the only allowed value is "Always".
- For non-init containers or when this field is not specified,
- the restart behavior is defined by the Pod's restart policy and the container type.
- Setting the RestartPolicy as "Always" for the init container will have the following effect:
- this init container will be continually restarted on
- exit until all regular containers have terminated. Once all regular
- containers have completed, all init containers with restartPolicy "Always"
- will be shut down. This lifecycle differs from normal init containers and
- is often referred to as a "sidecar" container. Although this init
- container still starts in the init container sequence, it does not wait
- for the container to complete before proceeding to the next init
- container. Instead, the next init container starts immediately after this
- init container is started, or after any startupProbe has successfully
- completed.
- type: string
- securityContext:
- description: |-
- SecurityContext defines the security options the container should be run with.
- If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
- properties:
- allowPrivilegeEscalation:
- description: |-
- AllowPrivilegeEscalation controls whether a process can gain more
- privileges than its parent process. This bool directly controls if
- the no_new_privs flag will be set on the container process.
- AllowPrivilegeEscalation is true always when the container is:
- 1) run as Privileged
- 2) has CAP_SYS_ADMIN
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- capabilities:
- description: |-
- The capabilities to add/drop when running containers.
- Defaults to the default set of capabilities granted by the container runtime.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent POSIX capabilities
- type
- type: string
- type: array
- type: object
- privileged:
- description: |-
- Run container in privileged mode.
- Processes in privileged containers are essentially equivalent to root on the host.
- Defaults to false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- procMount:
- description: |-
- procMount denotes the type of proc mount to use for the containers.
- The default is DefaultProcMount which uses the container runtime defaults for
- readonly paths and masked paths.
- This requires the ProcMountType feature flag to be enabled.
- Note that this field cannot be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: |-
- Whether this container has a read-only root filesystem.
- Default is false.
- Note that this field cannot be set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: |-
- The GID to run the entrypoint of the container process.
- Uses runtime default if unset.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: |-
- Indicates that the container must run as a non-root user.
- If true, the Kubelet will validate the image at runtime to ensure that it
- does not run as UID 0 (root) and fail to start the container if it does.
- If unset or false, no such validation will be performed.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: boolean
- runAsUser:
- description: |-
- The UID to run the entrypoint of the container process.
- Defaults to user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: |-
- The SELinux context to be applied to the container.
- If unspecified, the container runtime will allocate a random SELinux context for each
- container. May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label that
- applies to the container.
- type: string
- role:
- description: Role is a SELinux role label that
- applies to the container.
- type: string
- type:
- description: Type is a SELinux type label that
- applies to the container.
- type: string
- user:
- description: User is a SELinux user label that
- applies to the container.
- type: string
- type: object
- seccompProfile:
- description: |-
- The seccomp options to use by this container. If seccomp options are
- provided at both the pod & container level, the container options
- override the pod options.
- Note that this field cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: |-
- localhostProfile indicates a profile defined in a file on the node should be used.
- The profile must be preconfigured on the node to work.
- Must be a descending path, relative to the kubelet's configured seccomp profile location.
- Must be set if type is "Localhost". Must NOT be set for any other type.
- type: string
- type:
- description: |-
- type indicates which kind of seccomp profile will be applied.
- Valid options are:
-
-
- Localhost - a profile defined in a file on the node should be used.
- RuntimeDefault - the container runtime default profile should be used.
- Unconfined - no profile should be applied.
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: |-
- The Windows specific settings applied to all containers.
- If unspecified, the options from the PodSecurityContext will be used.
- If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
- Note that this field cannot be set when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: |-
- GMSACredentialSpec is where the GMSA admission webhook
- (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
- GMSA credential spec named by the GMSACredentialSpecName field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the name
- of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: |-
- HostProcess determines if a container should be run as a 'Host Process' container.
- All of a Pod's containers must have the same effective HostProcess value
- (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
- In addition, if HostProcess is true then HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: |-
- The UserName in Windows to run the entrypoint of the container process.
- Defaults to the user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If set in both SecurityContext and
- PodSecurityContext, the value specified in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: |-
- StartupProbe indicates that the Pod has successfully initialized.
- If specified, no other probes are executed until this completes successfully.
- If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
- This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
- when it might take a long time to load data or warm a cache, than during steady-state operation.
- This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- properties:
- exec:
- description: Exec specifies the action to take.
- properties:
- command:
- description: |-
- Command is the command line to execute inside the container, the working directory for the
- command is root ('/') in the container's filesystem. The command is simply exec'd, it is
- not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
- a shell, you need to explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: |-
- Minimum consecutive failures for the probe to be considered failed after having succeeded.
- Defaults to 3. Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port.
- properties:
- port:
- description: Port number of the gRPC service.
- Number must be in the range 1 to 65535.
- format: int32
- type: integer
- service:
- description: |-
- Service is the name of the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
-
-
- If this is not specified, the default behavior is defined by gRPC.
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http request
- to perform.
- properties:
- host:
- description: |-
- Host name to connect to, defaults to the pod IP. You probably want to set
- "Host" in httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set in the request.
- HTTP allows repeated headers.
- items:
- description: HTTPHeader describes a custom
- header to be used in HTTP probes
- properties:
- name:
- description: |-
- The header field name.
- This will be canonicalized upon output, so case-variant names will be understood as the same header.
- type: string
- value:
- description: The header field value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Name or number of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: |-
- Scheme to use for connecting to the host.
- Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: |-
- Number of seconds after the container has started before liveness probes are initiated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- periodSeconds:
- description: |-
- How often (in seconds) to perform the probe.
- Default to 10 seconds. Minimum value is 1.
- format: int32
- type: integer
- successThreshold:
- description: |-
- Minimum consecutive successes for the probe to be considered successful after having failed.
- Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action involving
- a TCP port.
- properties:
- host:
- description: 'Optional: Host name to connect
- to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: |-
- Number or name of the port to access on the container.
- Number must be in the range 1 to 65535.
- Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: |-
- Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
- The grace period is the duration in seconds after the processes running in the pod are sent
- a termination signal and the time when the processes are forcibly halted with a kill signal.
- Set this value longer than the expected cleanup time for your process.
- If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
- value overrides the value provided by the pod spec.
- Value must be non-negative integer. The value zero indicates stop immediately via
- the kill signal (no opportunity to shut down).
- This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: |-
- Number of seconds after which the probe times out.
- Defaults to 1 second. Minimum value is 1.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
- format: int32
- type: integer
- type: object
- stdin:
- description: |-
- Whether this container should allocate a buffer for stdin in the container runtime. If this
- is not set, reads from stdin in the container will always result in EOF.
- Default is false.
- type: boolean
- stdinOnce:
- description: |-
- Whether the container runtime should close the stdin channel after it has been opened by
- a single attach. When stdin is true the stdin stream will remain open across multiple attach
- sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
- first client attaches to stdin, and then remains open and accepts data until the client disconnects,
- at which time stdin is closed and remains closed until the container is restarted. If this
- flag is false, a container processes that reads from stdin will never receive an EOF.
- Default is false
- type: boolean
- terminationMessagePath:
- description: |-
- Optional: Path at which the file to which the container's termination message
- will be written is mounted into the container's filesystem.
- Message written is intended to be brief final status, such as an assertion failure message.
- Will be truncated by the node if greater than 4096 bytes. The total message length across
- all containers will be limited to 12kb.
- Defaults to /dev/termination-log.
- Cannot be updated.
- type: string
- terminationMessagePolicy:
- description: |-
- Indicate how the termination message should be populated. File will use the contents of
- terminationMessagePath to populate the container status message on both success and failure.
- FallbackToLogsOnError will use the last chunk of container log output if the termination
- message file is empty and the container exited with an error.
- The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
- Defaults to File.
- Cannot be updated.
- type: string
- tty:
- description: |-
- Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
- Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block devices
- to be used by the container.
- items:
- description: volumeDevice describes a mapping of a
- raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside of
- the container that the device will be mapped
- to.
- type: string
- name:
- description: name must match the name of a persistentVolumeClaim
- in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: |-
- Pod volumes to mount into the container's filesystem.
- Cannot be updated.
- items:
- description: VolumeMount describes a mounting of a
- Volume within a container.
- properties:
- mountPath:
- description: |-
- Path within the container at which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: |-
- mountPropagation determines how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is used.
- This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name of a Volume.
- type: string
- readOnly:
- description: |-
- Mounted read-only if true, read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: |-
- Path within the volume from which the container's volume should be mounted.
- Defaults to "" (volume's root).
- type: string
- subPathExpr:
- description: |-
- Expanded path within the volume from which the container's volume should be mounted.
- Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
- Defaults to "" (volume's root).
- SubPathExpr and SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: |-
- Container's working directory.
- If not specified, the container runtime's default will be used, which
- might be configured in the container image.
- Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- volumes:
- description: |-
- List of volumes that can be mounted by containers belonging to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes
- items:
- description: Volume represents a named volume in a pod that
- may be accessed by any container in the pod.
- properties:
- awsElasticBlockStore:
- description: |-
- awsElasticBlockStore represents an AWS Disk resource that is attached to a
- kubelet's host machine and then exposed to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- properties:
- fsType:
- description: |-
- fsType is the filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- partition:
- description: |-
- partition is the partition in the volume that you want to mount.
- If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition as "1".
- Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- format: int32
- type: integer
- readOnly:
- description: |-
- readOnly value true will force the readOnly setting in VolumeMounts.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- type: boolean
- volumeID:
- description: |-
- volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data Disk
- mount on the host and bind mount to the pod.
- properties:
- cachingMode:
- description: 'cachingMode is the Host Caching mode:
- None, Read Only, Read Write.'
- type: string
- diskName:
- description: diskName is the Name of the data disk
- in the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data disk in
- the blob storage
- type: string
- fsType:
- description: |-
- fsType is Filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- kind:
- description: 'kind expected values are Shared: multiple
- blob disks per storage account Dedicated: single
- blob disk per storage account Managed: azure
- managed data disk (only in managed availability
- set). defaults to shared'
- type: string
- readOnly:
- description: |-
- readOnly Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File Service
- mount on the host and bind mount to the pod.
- properties:
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of secret that
- contains Azure Storage Account Name and Key
- type: string
- shareName:
- description: shareName is the azure share Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount on the
- host that shares a pod's lifetime
- properties:
- monitors:
- description: |-
- monitors is Required: Monitors is a collection of Ceph monitors
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- items:
- type: string
- type: array
- path:
- description: 'path is Optional: Used as the mounted
- root, rather than the full Ceph tree, default
- is /'
- type: string
- readOnly:
- description: |-
- readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- type: boolean
- secretFile:
- description: |-
- secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- type: string
- secretRef:
- description: |-
- secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: |-
- user is optional: User is the rados user name, default is admin
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: |-
- cinder represents a cinder volume attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- type: string
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- type: boolean
- secretRef:
- description: |-
- secretRef is optional: points to a secret object containing parameters used to connect
- to OpenStack.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: |-
- volumeID used to identify the volume in cinder.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap that should
- populate this volume
- properties:
- defaultMode:
- description: |-
- defaultMode is optional: mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- items:
- description: |-
- items if unspecified, each key-value pair in the Data field of the referenced
- ConfigMap will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the ConfigMap,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: optional specify whether the ConfigMap
- or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface) represents
- ephemeral storage that is handled by certain external
- CSI drivers (Beta feature).
- properties:
- driver:
- description: |-
- driver is the name of the CSI driver that handles this volume.
- Consult with your admin for the correct name as registered in the cluster.
- type: string
- fsType:
- description: |-
- fsType to mount. Ex. "ext4", "xfs", "ntfs".
- If not provided, the empty value is passed to the associated CSI driver
- which will determine the default filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: |-
- nodePublishSecretRef is a reference to the secret object containing
- sensitive information to pass to the CSI driver to complete the CSI
- NodePublishVolume and NodeUnpublishVolume calls.
- This field is optional, and may be empty if no secret is required. If the
- secret object contains more than one secret, all secret references are passed.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: |-
- readOnly specifies a read-only configuration for the volume.
- Defaults to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: |-
- volumeAttributes stores driver-specific properties that are passed to the CSI
- driver. Consult your driver's documentation for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward API about
- the pod that should populate this volume
- properties:
- defaultMode:
- description: |-
- Optional: mode bits to use on created files by default. Must be a
- Optional: mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- items:
- description: Items is a list of downward API volume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing the
- pod field
- properties:
- fieldRef:
- description: 'Required: Selects a field of
- the pod: only annotations, labels, name
- and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema the
- FieldPath is written in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of the field to select
- in the specified API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: |-
- Optional: mode bits used to set permissions on this file, must be an octal value
- between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: 'Required: Path is the relative
- path name of the file to be created. Must
- not be absolute or contain the ''..'' path.
- Must be utf-8 encoded. The first item of
- the relative path must not start with ''..'''
- type: string
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
- properties:
- containerName:
- description: 'Container name: required
- for volumes, optional for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output format
- of the exposed resources, defaults to
- "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: |-
- emptyDir represents a temporary directory that shares a pod's lifetime.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- properties:
- medium:
- description: |-
- medium represents what type of storage medium should back this directory.
- The default is "" which means to use the node's default medium.
- Must be an empty string (default) or Memory.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: |-
- sizeLimit is the total amount of local storage required for this EmptyDir volume.
- The size limit is also applicable for memory medium.
- The maximum usage on memory medium EmptyDir would be the minimum value between
- the SizeLimit specified here and the sum of memory limits of all containers in a pod.
- The default is nil which means that the limit is undefined.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: |-
- ephemeral represents a volume that is handled by a cluster storage driver.
- The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
- and deleted when the pod is removed.
-
-
- Use this if:
- a) the volume is only needed while the pod runs,
- b) features of normal volumes like restoring from snapshot or capacity
- tracking are needed,
- c) the storage driver is specified through a storage class, and
- d) the storage driver supports dynamic volume provisioning through
- a PersistentVolumeClaim (see EphemeralVolumeSource for more
- information on the connection between this volume type
- and PersistentVolumeClaim).
-
-
- Use PersistentVolumeClaim or one of the vendor-specific
- APIs for volumes that persist for longer than the lifecycle
- of an individual pod.
-
-
- Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
- be used that way - see the documentation of the driver for
- more information.
-
-
- A pod can use both types of ephemeral volumes and
- persistent volumes at the same time.
- properties:
- volumeClaimTemplate:
- description: |-
- Will be used to create a stand-alone PVC to provision the volume.
- The pod in which this EphemeralVolumeSource is embedded will be the
- owner of the PVC, i.e. the PVC will be deleted together with the
- pod. The name of the PVC will be `<pod name>-<volume name>` where
- `<volume name>` is the name from the `PodSpec.Volumes` array
- entry. Pod validation will reject the pod if the concatenated name
- is not valid for a PVC (for example, too long).
-
-
- An existing PVC with that name that is not owned by the pod
- will *not* be used for the pod to avoid using an unrelated
- volume by mistake. Starting the pod is then blocked until
- the unrelated PVC is removed. If such a pre-created PVC is
- meant to be used by the pod, the PVC has to updated with an
- owner reference to the pod once the pod exists. Normally
- this should not be necessary, but it may be useful when
- manually reconstructing a broken cluster.
-
-
- This field is read-only and no changes will be made by Kubernetes
- to the PVC after it has been created.
-
-
- Required, must not be nil.
- properties:
- metadata:
- description: |-
- May contain labels and annotations that will be copied into the PVC
- when creating it. No other fields are allowed and will be rejected during
- validation.
- type: object
- spec:
- description: |-
- The specification for the PersistentVolumeClaim. The entire content is
- copied unchanged into the PVC that gets created from this
- template. The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: |-
- accessModes contains the desired access modes the volume should have.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
- items:
- type: string
- type: array
- dataSource:
- description: |-
- dataSource field can be used to specify either:
- * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external controller can support the specified data source,
- it will create a new volume based on the contents of the specified data source.
- When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
- and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
- If the namespace is specified, then dataSourceRef will not be copied to dataSource.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: |-
- dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
- volume is desired. This may be any object from a non-empty API group (non
- core object) or a PersistentVolumeClaim object.
- When this field is specified, volume binding will only succeed if the type of
- the specified object matches some installed volume populator or dynamic
- provisioner.
- This field will replace the functionality of the dataSource field and as such
- if both fields are non-empty, they must have the same value. For backwards
- compatibility, when namespace isn't specified in dataSourceRef,
- both fields (dataSource and dataSourceRef) will be set to the same
- value automatically if one of them is empty and the other is non-empty.
- When namespace is specified in dataSourceRef,
- dataSource isn't set to the same value and must be empty.
- There are three important differences between dataSource and dataSourceRef:
- * While dataSource only allows two specific types of objects, dataSourceRef
- allows any non-core object, as well as PersistentVolumeClaim objects.
- * While dataSource ignores disallowed values (dropping them), dataSourceRef
- preserves all values, and generates an error if a disallowed value is
- specified.
- * While dataSource only allows local objects, dataSourceRef allows objects
- in any namespaces.
- (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
- (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- properties:
- apiGroup:
- description: |-
- APIGroup is the group for the resource being referenced.
- If APIGroup is not specified, the specified Kind must be in the core API group.
- For any other third-party types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type of resource
- being referenced
- type: string
- name:
- description: Name is the name of resource
- being referenced
- type: string
- namespace:
- description: |-
- Namespace is the namespace of resource being referenced
- Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
- (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
- type: string
- required:
- - kind
- - name
- type: object
- resources:
- description: |-
- resources represents the minimum resources the volume should have.
- If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
- that are lower than previous value but must still be higher than capacity recorded in the
- status field of the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Limits describes the maximum amount of compute resources allowed.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: |-
- Requests describes the minimum amount of compute resources required.
- If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
- otherwise to an implementation-defined value. Requests cannot exceed Limits.
- More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
- type: object
- type: object
- selector:
- description: selector is a label query over
- volumes to consider for binding.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The
- requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: |-
- storageClassName is the name of the StorageClass required by the claim.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
- type: string
- volumeAttributesClassName:
- description: |-
- volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
- If specified, the CSI driver will create or update the volume with the attributes defined
- in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
- it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
- will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
- If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
- will be set by the persistentvolume controller if it exists.
- If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
- set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
- exists.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
- (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
- type: string
- volumeMode:
- description: |-
- volumeMode defines what type of volume is required by the claim.
- Value of Filesystem is implied when not included in claim spec.
- type: string
- volumeName:
- description: volumeName is the binding reference
- to the PersistentVolume backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource
- that is attached to a kubelet's host machine and then
- exposed to the pod.
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- lun:
- description: 'lun is Optional: FC target lun number'
- format: int32
- type: integer
- readOnly:
- description: |-
- readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- targetWWNs:
- description: 'targetWWNs is Optional: FC target
- worldwide names (WWNs)'
- items:
- type: string
- type: array
- wwids:
- description: |-
- wwids Optional: FC volume world wide identifiers (wwids)
- Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: |-
- flexVolume represents a generic volume resource that is
- provisioned/attached using an exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver to
- use for this volume.
- type: string
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: 'options is Optional: this field holds
- extra command options if any.'
- type: object
- readOnly:
- description: |-
- readOnly is Optional: defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: |-
- secretRef is Optional: secretRef is reference to the secret object containing
- sensitive information to pass to the plugin scripts. This may be
- empty if no secret object is specified. If the secret object
- contains more than one secret, all secrets are passed to the plugin
- scripts.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume attached
- to a kubelet's host machine. This depends on the Flocker
- control service being running
- properties:
- datasetName:
- description: |-
- datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
- should be considered as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of the dataset.
- This is unique identifier of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: |-
- gcePersistentDisk represents a GCE Disk resource that is attached to a
- kubelet's host machine and then exposed to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- properties:
- fsType:
- description: |-
- fsType is filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- partition:
- description: |-
- partition is the partition in the volume that you want to mount.
- If omitted, the default is to mount by volume name.
- Examples: For volume /dev/sda1, you specify the partition as "1".
- Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- format: int32
- type: integer
- pdName:
- description: |-
- pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- type: string
- readOnly:
- description: |-
- readOnly here will force the ReadOnly setting in VolumeMounts.
- Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: |-
- gitRepo represents a git repository at a particular revision.
- DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
- EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
- into the Pod's container.
- properties:
- directory:
- description: |-
- directory is the target directory name.
- Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
- git repository. Otherwise, if specified, the volume will contain the git repository in
- the subdirectory with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash for the
- specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: |-
- glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md
- properties:
- endpoints:
- description: |-
- endpoints is the endpoint name that details Glusterfs topology.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- type: string
- path:
- description: |-
- path is the Glusterfs volume path.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- type: string
- readOnly:
- description: |-
- readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
- Defaults to false.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: |-
- hostPath represents a pre-existing file or directory on the host
- machine that is directly exposed to the container. This is generally
- used for system agents or other privileged things that are allowed
- to see the host machine. Most containers will NOT need this.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- ---
- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
- mount host directories as read/write.
- properties:
- path:
- description: |-
- path of the directory on the host.
- If the path is a symlink, it will follow the link to the real path.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type: string
- type:
- description: |-
- type for HostPath Volume
- Defaults to ""
- More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- type: string
- required:
- - path
- type: object
- iscsi:
- description: |-
- iscsi represents an ISCSI Disk resource that is attached to a
- kubelet's host machine and then exposed to the pod.
- More info: https://examples.k8s.io/volumes/iscsi/README.md
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether support
- iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether support
- iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: |-
- fsType is the filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- initiatorName:
- description: |-
- initiatorName is the custom iSCSI Initiator Name.
- If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
- <target portal>:<volume name> will be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified Name.
- type: string
- iscsiInterface:
- description: |-
- iscsiInterface is the interface Name that uses an iSCSI transport.
- Defaults to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target Lun number.
- format: int32
- type: integer
- portals:
- description: |-
- portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: |-
- readOnly here will force the ReadOnly setting in VolumeMounts.
- Defaults to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret for iSCSI
- target and initiator authentication
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: |-
- targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
- is other than default (typically TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: |-
- name of the volume.
- Must be a DNS_LABEL and unique within the pod.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- type: string
- nfs:
- description: |-
- nfs represents an NFS mount on the host that shares a pod's lifetime
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- properties:
- path:
- description: |-
- path that is exported by the NFS server.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- type: string
- readOnly:
- description: |-
- readOnly here will force the NFS export to be mounted with read-only permissions.
- Defaults to false.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- type: boolean
- server:
- description: |-
- server is the hostname or IP address of the NFS server.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: |-
- persistentVolumeClaimVolumeSource represents a reference to a
- PersistentVolumeClaim in the same namespace.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- properties:
- claimName:
- description: |-
- claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
- More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
- type: string
- readOnly:
- description: |-
- readOnly Will force the ReadOnly setting in VolumeMounts.
- Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents a PhotonController
- persistent disk attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies Photon
- Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx volume
- attached and mounted on kubelets host machine
- properties:
- fsType:
- description: |-
- fSType represents the filesystem type to mount
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies a Portworx
- volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one resources
- secrets, configmaps, and downward API
- properties:
- defaultMode:
- description: |-
- defaultMode are the mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- clusterTrustBundle:
- description: |-
- ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
- of ClusterTrustBundle objects in an auto-updating file.
-
-
- Alpha, gated by the ClusterTrustBundleProjection feature gate.
-
-
- ClusterTrustBundle objects can either be selected by name, or by the
- combination of signer name and a label selector.
-
-
- Kubelet performs aggressive normalization of the PEM contents written
- into the pod filesystem. Esoteric PEM features such as inter-block
- comments and block headers are stripped. Certificates are deduplicated.
- The ordering of certificates within the file is arbitrary, and Kubelet
- may change the order over time.
- properties:
- labelSelector:
- description: |-
- Select all ClusterTrustBundles that match this label selector. Only has
- effect if signerName is set. Mutually-exclusive with name. If unset,
- interpreted as "match nothing". If set but empty, interpreted as "match
- everything".
- properties:
- matchExpressions:
- description: matchExpressions is a
- list of label selector requirements.
- The requirements are ANDed.
- items:
- description: |-
- A label selector requirement is a selector that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: |-
- operator represents a key's relationship to a set of values.
- Valid operators are In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: |-
- values is an array of string values. If the operator is In or NotIn,
- the values array must be non-empty. If the operator is Exists or DoesNotExist,
- the values array must be empty. This array is replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: |-
- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions, whose key field is "key", the
- operator is "In", and the values array contains only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- name:
- description: |-
- Select a single ClusterTrustBundle by object name. Mutually-exclusive
- with signerName and labelSelector.
- type: string
- optional:
- description: |-
- If true, don't block pod startup if the referenced ClusterTrustBundle(s)
- aren't available. If using name, then the named ClusterTrustBundle is
- allowed not to exist. If using signerName, then the combination of
- signerName and labelSelector is allowed to match zero
- ClusterTrustBundles.
- type: boolean
- path:
- description: Relative path from the volume
- root to write the bundle.
- type: string
- signerName:
- description: |-
- Select all ClusterTrustBundles that match this signer name.
- Mutually-exclusive with name. The contents of all selected
- ClusterTrustBundles will be unified and deduplicated.
- type: string
- required:
- - path
- type: object
- configMap:
- description: configMap information about the
- configMap data to project
- properties:
- items:
- description: |-
- items if unspecified, each key-value pair in the Data field of the referenced
- ConfigMap will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the ConfigMap,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a
- path within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: optional specify whether
- the ConfigMap or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information about
- the downwardAPI data to project
- properties:
- items:
- description: Items is a list of DownwardAPIVolume
- file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: 'Required: Selects
- a field of the pod: only annotations,
- labels, name and namespace are
- supported.'
- properties:
- apiVersion:
- description: Version of the
- schema the FieldPath is written
- in terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field
- to select in the specified
- API version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: |-
- Optional: mode bits used to set permissions on this file, must be an octal value
- between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: 'Required: Path is the
- relative path name of the file
- to be created. Must not be absolute
- or contain the ''..'' path. Must
- be utf-8 encoded. The first item
- of the relative path must not
- start with ''..'''
- type: string
- resourceFieldRef:
- description: |-
- Selects a resource of the container: only resources limits and requests
- (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
- properties:
- containerName:
- description: 'Container name:
- required for volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about the
- secret data to project
- properties:
- items:
- description: |-
- items if unspecified, each key-value pair in the Data field of the referenced
- Secret will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the Secret,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a
- path within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- optional:
- description: optional field specify whether
- the Secret or its key must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is information
- about the serviceAccountToken data to project
- properties:
- audience:
- description: |-
- audience is the intended audience of the token. A recipient of a token
- must identify itself with an identifier specified in the audience of the
- token, and otherwise should reject the token. The audience defaults to the
- identifier of the apiserver.
- type: string
- expirationSeconds:
- description: |-
- expirationSeconds is the requested duration of validity of the service
- account token. As the token approaches expiration, the kubelet volume
- plugin will proactively rotate the service account token. The kubelet will
- start trying to rotate the token if the token is older than 80 percent of
- its time to live or if the token is older than 24 hours.Defaults to 1 hour
- and must be at least 10 minutes.
- format: int64
- type: integer
- path:
- description: |-
- path is the path relative to the mount point of the file to project the
- token into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount on the
- host that shares a pod's lifetime
- properties:
- group:
- description: |-
- group to map volume access to
- Default is no group
- type: string
- readOnly:
- description: |-
- readOnly here will force the Quobyte volume to be mounted with read-only permissions.
- Defaults to false.
- type: boolean
- registry:
- description: |-
- registry represents a single or multiple Quobyte Registry services
- specified as a string as host:port pair (multiple entries are separated with commas)
- which acts as the central registry for volumes
- type: string
- tenant:
- description: |-
- tenant owning the given Quobyte volume in the Backend
- Used with dynamically provisioned Quobyte volumes, value is set by the plugin
- type: string
- user:
- description: |-
- user to map volume access to
- Defaults to serivceaccount user
- type: string
- volume:
- description: volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: |-
- rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md
- properties:
- fsType:
- description: |-
- fsType is the filesystem type of the volume that you want to mount.
- Tip: Ensure that the filesystem type is supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the filesystem from compromising the machine
- type: string
- image:
- description: |-
- image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- keyring:
- description: |-
- keyring is the path to key ring for RBDUser.
- Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- monitors:
- description: |-
- monitors is a collection of Ceph monitors.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- items:
- type: string
- type: array
- pool:
- description: |-
- pool is the rados pool name.
- Default is rbd.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- readOnly:
- description: |-
- readOnly here will force the ReadOnly setting in VolumeMounts.
- Defaults to false.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: boolean
- secretRef:
- description: |-
- secretRef is name of the authentication secret for RBDUser. If provided
- overrides keyring.
- Default is nil.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: |-
- user is the rados user name.
- Default is admin.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs".
- Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address of the
- ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name of the
- ScaleIO Protection Domain for the configured storage.
- type: string
- readOnly:
- description: |-
- readOnly Defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: |-
- secretRef references to the secret for ScaleIO user and other
- sensitive information. If this is not provided, Login operation will fail.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable SSL
- communication with Gateway, default false
- type: boolean
- storageMode:
- description: |-
- storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
- Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO Storage
- Pool associated with the protection domain.
- type: string
- system:
- description: system is the name of the storage system
- as configured in ScaleIO.
- type: string
- volumeName:
- description: |-
- volumeName is the name of a volume already created in the ScaleIO system
- that is associated with this volume source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: |-
- secret represents a secret that should populate this volume.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- properties:
- defaultMode:
- description: |-
- defaultMode is Optional: mode bits used to set permissions on created files by default.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values
- for mode bits. Defaults to 0644.
- Directories within the path are not affected by this setting.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- items:
- description: |-
- items If unspecified, each key-value pair in the Data field of the referenced
- Secret will be projected into the volume as a file whose name is the
- key and content is the value. If specified, the listed keys will be
- projected into the specified paths, and unlisted keys will not be
- present. If a key is specified which is not present in the Secret,
- the volume setup will error unless it is marked optional. Paths must be
- relative and may not contain the '..' path or start with '..'.
- items:
- description: Maps a string key to a path within
- a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: |-
- mode is Optional: mode bits used to set permissions on this file.
- Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
- YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
- If not specified, the volume defaultMode will be used.
- This might be in conflict with other options that affect the file
- mode, like fsGroup, and the result can be other mode bits set.
- format: int32
- type: integer
- path:
- description: |-
- path is the relative path of the file to map the key to.
- May not be an absolute path.
- May not contain the path element '..'.
- May not start with the string '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether the
- Secret or its keys must be defined
- type: boolean
- secretName:
- description: |-
- secretName is the name of the secret in the pod's namespace to use.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS volume
- attached and mounted on Kubernetes nodes.
- properties:
- fsType:
- description: |-
- fsType is the filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- readOnly:
- description: |-
- readOnly defaults to false (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: |-
- secretRef specifies the secret to use for obtaining the StorageOS API
- credentials. If not specified, default values will be attempted.
- properties:
- name:
- description: |-
- Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion, kind, uid?
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: |-
- volumeName is the human-readable name of the StorageOS volume. Volume
- names are only unique within a namespace.
- type: string
- volumeNamespace:
- description: |-
- volumeNamespace specifies the scope of the volume within StorageOS. If no
- namespace is specified then the Pod's namespace will be used. This allows the
- Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
- Set VolumeName to any name to override the default behaviour.
- Set to "default" if you are not using namespaces within StorageOS.
- Namespaces that do not pre-exist within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere volume
- attached and mounted on kubelets host machine
- properties:
- fsType:
- description: |-
- fsType is filesystem type to mount.
- Must be a filesystem type supported by the host operating system.
- Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage Policy
- Based Management (SPBM) profile ID associated
- with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage Policy
- Based Management (SPBM) profile name.
- type: string
- volumePath:
- description: volumePath is the path that identifies
- vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- required:
- - containers
- type: object
- type: object
- topology:
- description: |-
- Topology represents the desired topology, it's represented by the 'Nodes' field, a list of nodes where the switches are going to be deployed and a list of bidirectional links,
- selecting the nodes that are going to be linked.
- properties:
- links:
- items:
- type: string
- type: array
- nodes:
- items:
- type: string
- type: array
- required:
- - links
- - nodes
- type: object
- required:
- - networkController
- - switchTemplate
- type: object
- status:
- description: OverlayStatus defines the observed state of Overlay
- properties:
- connectedNeighbors:
- items:
- properties:
- domain:
- description: |-
- Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
- is going to be deployed at.
- type: string
- node:
- description: Name of the cluster the link is going to be made
- upon.
- type: string
- required:
- - domain
- - node
- type: object
- type: array
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
----
apiVersion: v1
kind: Namespace
metadata:
@@ -18899,8 +9617,8 @@ spec:
- /manager
env:
- name: CONTROLLER_IP
- value: 10.152.183.3
- image: alexdecb/l2sm-operator:2.4
+ value: l2sm-controller-service.default.svc.cluster.local
+ image: alexdecb/l2sm-controller-manager:2.4
livenessProbe:
httpGet:
path: /healthz
diff --git a/deployments/custom-installation/deployOperator.yaml b/deployments/custom-installation/deployOperator.yaml
index 2e7aba8fcbf5b018dce8bf16129d9a95cab5d620..ff8ecab7effdb1e8e542bf4579566dd391c6fcf9 100644
--- a/deployments/custom-installation/deployOperator.yaml
+++ b/deployments/custom-installation/deployOperator.yaml
@@ -28,35 +28,20 @@ spec:
done;
sleep 5;
containers:
- - image: alexdecb/l2sm-operator:2.3
+ - image: alexdecb/l2sm-operator:2.4
name: l2sm-opt-pod
env:
- name: CONTROLLER_IP
value: l2sm-controller-service
- #imagePullPolicy: Always
- - name: mysql
- image: mysql:5.7
- envFrom:
- - secretRef:
- name: mysql-secret
- ports:
- - containerPort: 3306
- name: mysql
- volumeMounts:
- - name: mysql-persistent-storage
- mountPath: /var/lib/mysql
- - name: initdb-volume
- mountPath: /docker-entrypoint-initdb.d
- volumes:
- - name: mysql-persistent-storage
- persistentVolumeClaim:
- claimName: mysql-pv-claim
- - name: initdb-volume
- configMap:
- name: mysql-schema
- items:
- - key: init.sql
- path: init.sql
+ - name: DATABASE_IP
+ value: mysql-development-service
+ - name: MYSQL_USER
+ value: l2sm
+ - name: MYSQL_PASSWORD
+ value: l2sm
+ - name: MYSQL_DATABASE
+ value: l2sm
+ # imagePullPolicy: Always
nodeSelector:
dedicated: master
tolerations:
@@ -77,68 +62,5 @@ spec:
targetPort: 8080
selector:
l2sm-component: l2sm-opt
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: mysql-schema
-data:
- init.sql: |
-
- CREATE DATABASE IF NOT EXISTS l2sm;
- USE l2sm;
-
- CREATE TABLE networks (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255) NOT NULL,
- type ENUM('vlink', 'vnet', 'ext-vnet') NOT NULL,
- UNIQUE KEY unique_network_name (name, type)
- );
-
- CREATE TABLE switches (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE neds (
- id INT PRIMARY KEY AUTO_INCREMENT,
- node_name VARCHAR(255) NOT NULL,
- provider VARCHAR(255) NOT NULL,
- openflowId TEXT,
- ip VARCHAR(15)
- );
-
- CREATE TABLE interfaces (
- id INT PRIMARY KEY AUTO_INCREMENT,
- name VARCHAR(255),
- pod VARCHAR(255),
- switch_id INT,
- ned_id INT,
- network_id INT,
- FOREIGN KEY (switch_id) REFERENCES switches(id),
- FOREIGN KEY (ned_id) REFERENCES neds(id),
- FOREIGN KEY (network_id) REFERENCES networks(id)
- );
-
- -- Define the one-to-many relationship between switches and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_switch_interface
- FOREIGN KEY (switch_id)
- REFERENCES switches(id);
-
- -- Define the one-to-many relationship between neds and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_ned_interface
- FOREIGN KEY (ned_id)
- REFERENCES neds(id);
-
- -- Define the many-to-one relationship between networks and interfaces
- ALTER TABLE interfaces
- ADD CONSTRAINT fk_network_interface
- FOREIGN KEY (network_id)
- REFERENCES networks(id);
-
diff --git a/deployments/custom-installation/deploySwitch.yaml b/deployments/custom-installation/deploySwitch.yaml
index ec23dd7de08b4a616a9619027d134de5f46d5a39..e5ddc8dceff931950ccdd0883db33ccaffba9663 100644
--- a/deployments/custom-installation/deploySwitch.yaml
+++ b/deployments/custom-installation/deploySwitch.yaml
@@ -22,21 +22,22 @@ spec:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
- # initContainers:
- # - name: wait-for-l2sm-operator
- # image: curlimages/curl
- # args:
- # - /bin/sh
- # - -c
- # - >
- # set -x;
- # while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
- # sleep 15;
- # done;
- # sleep 5;
+ initContainers:
+ - name: wait-for-l2sm-operator
+ image: curlimages/curl
+ args:
+ - /bin/sh
+ - -c
+ - >
+ set -x;
+ while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
+ sleep 15;
+ done;
+ sleep 5;
containers:
- name: l2sm-switch
image: alexdecb/l2sm-switch:2.4
+ # imagePullPolicy: Always
#args: ["setup_switch.sh && sleep infinity"]
env:
- name: NODENAME
diff --git a/deployments/custom-installation/interfaces_definitions/test/poda.yaml b/deployments/custom-installation/interfaces_definitions/test/poda.yaml
deleted file mode 100644
index c22dd4d8fe5a133232f428de285183c865bcf609..0000000000000000000000000000000000000000
--- a/deployments/custom-installation/interfaces_definitions/test/poda.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: poda
- labels:
- app: ping-pong
- annotations:
- k8s.v1.cni.cncf.io/networks: '[
- { "name": "ptp1",
- "ips": ["192.168.1.6/16"]
- }]'
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- # Use this parameter if you want to place the pod in a specific node
- #nodeName: workerk8s
diff --git a/deployments/custom-installation/interfaces_definitions/test/podb.yaml b/deployments/custom-installation/interfaces_definitions/test/podb.yaml
deleted file mode 100644
index e5c9084816ab5f079952fe51f8cc301102f35e3e..0000000000000000000000000000000000000000
--- a/deployments/custom-installation/interfaces_definitions/test/podb.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: podb
- labels:
- app: ping-pong
- annotations:
- k8s.v1.cni.cncf.io/networks: '[
- { "name": "ptp1",
- "ips": ["fe80::58d0:b8ff:fe42:debf/64"]
- }]'
-spec:
- containers:
- - name: router
- command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
- image: alpine:latest
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- # Use this parameter if you want to place the pod in a specific node
- #nodeName: workerk8s
diff --git a/deployments/custom-installation/interfaces_definitions/test/ptp1.yaml b/deployments/custom-installation/interfaces_definitions/test/ptp1.yaml
deleted file mode 100644
index c2b261ac27dbd16ee3462f17b2ea90ec44e0c54e..0000000000000000000000000000000000000000
--- a/deployments/custom-installation/interfaces_definitions/test/ptp1.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth1
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "name":"veth1",
- "mtu": 1400,
- "device":"veth1",
- "ipam": {
- "type":"static"
- }
- }'
\ No newline at end of file
diff --git a/deployments/inter-cluster/inter-veths.yaml b/deployments/inter-cluster/inter-veths.yaml
deleted file mode 100644
index e34b87e78b9dddd2f4223bec435a0cf099f76765..0000000000000000000000000000000000000000
--- a/deployments/inter-cluster/inter-veths.yaml
+++ /dev/null
@@ -1,131 +0,0 @@
-
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth1
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br1",
- "mtu": 1400,
- "device": "inter-veth1"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth2
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br2",
- "mtu": 1400,
- "device": "inter-veth2"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth3
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br3",
- "mtu": 1400,
- "device": "inter-veth3"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth4
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br4",
- "mtu": 1400,
- "device": "inter-veth4"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth5
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br5",
- "mtu": 1400,
- "device": "inter-veth5"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth6
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br6",
- "mtu": 1400,
- "device": "inter-veth6"
- }'
----
-
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth7
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br7",
- "mtu": 1400,
- "device": "inter-veth7"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth8
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br8",
- "mtu": 1400,
- "device": "inter-veth8"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth9
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br9",
- "mtu": 1400,
- "device": "inter-veth9"
- }'
----
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: inter-veth10
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "inter-br10",
- "mtu": 1400,
- "device": "inter-veth10"
- }'
\ No newline at end of file
diff --git a/deployments/inter-cluster/l2sm-network-crd.yaml b/deployments/inter-cluster/l2sm-network-crd.yaml
deleted file mode 100644
index 229bfbed031fa21775a4faee08b28d85402db6aa..0000000000000000000000000000000000000000
--- a/deployments/inter-cluster/l2sm-network-crd.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: l2sm-networks.l2sm.k8s.local
-spec:
- group: l2sm.k8s.local
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- type:
- type: string
- config:
- type: string
- nullable: true
- signature:
- type: string
- nullable: true
- status:
- type: object
- properties:
- connectedPods:
- type: array
- items:
- type: string
- scope: Namespaced
- names:
- plural: l2sm-networks
- singular: l2sm-network
- kind: L2SMNetwork
- shortNames:
- - l2sm-net
diff --git a/deployments/inter-cluster/ned.yaml b/deployments/inter-cluster/ned.yaml
deleted file mode 100644
index d77dbcd3632b41a3ad37d67feaeda75825de12aa..0000000000000000000000000000000000000000
--- a/deployments/inter-cluster/ned.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
- name: ned
- labels:
- app: l2sm
-spec:
- hostNetwork: true
- initContainers:
- - name: wait-for-l2sm-operator
- image: curlimages/curl
- args:
- - /bin/sh
- - -c
- - >
- set -x;
- while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
- sleep 15;
- done;
- sleep 5;
- containers:
- - name: mycontainer
- image: alexdecb/l2sm-switch:2.2
- command: ["sleep", "infinity"]
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- nodeSelector:
- dedicated: master
\ No newline at end of file
diff --git a/deployments/l2sm-deployment.yaml b/deployments/l2sm-deployment.yaml
index 5a9c1f10907716857109f4e6eb8b81cb724e18e8..ea4fc60733ce15ca733968719fd1df224381b30f 100644
--- a/deployments/l2sm-deployment.yaml
+++ b/deployments/l2sm-deployment.yaml
@@ -1,3 +1,9841 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: l2sm-controller
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: l2sm-controller
+ template:
+ metadata:
+ labels:
+ app: l2sm-controller
+ spec:
+ containers:
+ - name: l2sm-controller
+ image: alexdecb/l2sm-controller:2.4
+ readinessProbe:
+ httpGet:
+ path: /onos/ui
+ port: 8181
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ ports:
+ - containerPort: 6633
+ - containerPort: 8181
+ # imagePullPolicy: Always
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: l2sm-controller-service
+spec:
+ selector:
+ app: l2sm-controller
+ ports:
+ - name: of13-port
+ protocol: TCP
+ port: 6633
+ targetPort: 6633
+ - name: http-port
+ protocol: TCP
+ port: 8181
+ targetPort: 8181
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: system
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: namespace
+ app.kubernetes.io/part-of: l2network
+ control-plane: controller-manager
+ name: l2sm-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: l2networks.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: L2Network
+ listKind: L2NetworkList
+ plural: l2networks
+ singular: l2network
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Internal SDN Controller Connectivity
+ jsonPath: .status.internalConnectivity
+ name: AVAILABILITY
+ type: string
+ - description: Internal SDN Controller Connectivity
+ jsonPath: .status.connectedPods
+ name: CONNECTED_PODS
+ type: integer
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: L2Network is the Schema for the l2networks API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: L2NetworkSpec defines the desired state of L2Network
+ properties:
+ config:
+ description: Config is an optional field that is meant to be used
+ as additional configuration depending on the type of network. Check
+ each type of network for specific configuration definitions.
+ type: string
+ provider:
+ description: Provider is an optional field representing a provider
+ spec. Check the provider spec definition for more details
+ properties:
+ domain:
+ type: string
+ name:
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ type:
+ description: NetworkType represents the type of network being configured.
+ enum:
+ - ext-vnet
+ - vnet
+ - vlink
+ type: string
+ required:
+ - type
+ type: object
+ status:
+ description: L2NetworkStatus defines the observed state of L2Network
+ properties:
+ connectedPods:
+ description: Existing Pods in the cluster, connected to the specific
+ network
+ items:
+ type: string
+ type: array
+ internalConnectivity:
+ default: Unavailable
+ description: Status of the connectivity to the internal SDN Controller.
+ If there is no connection, internal l2sm-switches won't forward
+ traffic
+ enum:
+ - Available
+ - Unavailable
+ - Unknown
+ type: string
+ providerConnectivity:
+ description: Status of the connectivity to the external provider SDN
+ Controller. If there is no connectivity, the exisitng l2sm-ned in
+ the cluster won't forward packages to the external clusters.
+ enum:
+ - Available
+ - Unavailable
+ - Unknown
+ type: string
+ required:
+ - internalConnectivity
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: networkedgedevices.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: NetworkEdgeDevice
+ listKind: NetworkEdgeDeviceList
+ plural: networkedgedevices
+ singular: networkedgedevice
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - description: Availability status of the overlay
+ jsonPath: .status.availability
+ name: STATUS
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: NetworkEdgeDevice is the Schema for the networkedgedevices API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: NetworkEdgeDeviceSpec defines the desired state of NetworkEdgeDevice
+ properties:
+ neighbors:
+ description: Field exclusive to the multi-domain overlay type. If
+ specified in other types of overlays, the reosurce will launch
+ an error and won't be created.
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ networkController:
+ description: The SDN Controller that manages the overlay network.
+ Must specify a domain and a name.
+ properties:
+ domain:
+ description: Domain where the controller can be reached at. Must
+ be a valid IP Address or Domain name, reachable from all the
+ nodes where the switches are deployed at.
+ type: string
+ name:
+ description: Name of the Network controller
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ switchTemplate:
+ description: Template describes the virtual switch pod that will be
+ created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `<pod name>-<volume name>` where
+ `<volume name>` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ <target portal>:<volume name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume
+ root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ required:
+ - networkController
+ - switchTemplate
+ type: object
+ status:
+ description: NetworkEdgeDeviceStatus defines the observed state of NetworkEdgeDevice
+ properties:
+ availability:
+ default: Unavailable
+ description: Status of the overlay. Is available when switches are
+ connected between them and with the network Controller.
+ enum:
+ - Available
+ - Unavailable
+ - Unknown
+ type: string
+ connectedNeighbors:
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ openflowId:
+ type: string
+ required:
+ - availability
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: overlays.l2sm.l2sm.k8s.local
+spec:
+ group: l2sm.l2sm.k8s.local
+ names:
+ kind: Overlay
+ listKind: OverlayList
+ plural: overlays
+ singular: overlay
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: Overlay is the Schema for the overlays API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OverlaySpec defines the desired state of Overlay
+ properties:
+ neighbors:
+ description: Field exclusive to the multi-domain overlay type. If
+ specified in other types of overlays, the reosurce will launch
+ an error and won't be created.
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ networkController:
+ description: The SDN Controller that manages the overlay network.
+ Must specify a domain and a name.
+ properties:
+ domain:
+ description: Domain where the controller can be reached at. Must
+ be a valid IP Address or Domain name, reachable from all the
+ nodes where the switches are deployed at.
+ type: string
+ name:
+ description: Name of the Network controller
+ type: string
+ required:
+ - domain
+ - name
+ type: object
+ switchTemplate:
+ description: Template describes the virtual switch pod that will be
+ created.
+ properties:
+ metadata:
+ description: |-
+ Standard object's metadata.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ type: object
+ spec:
+ description: |-
+ Specification of the desired behavior of the pod.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ properties:
+ containers:
+ description: |-
+ List of containers belonging to the pod.
+ Containers cannot currently be added or removed.
+ There must be at least one container in a Pod.
+ Cannot be updated.
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ hostNetwork:
+ description: |-
+ Host networking requested for this pod. Use the host's network namespace.
+ If this option is set, the ports that will be used must be specified.
+ Default to false.
+ type: boolean
+ initContainers:
+ description: |-
+ List of initialization containers belonging to the pod.
+ Init containers are executed in order prior to containers being started. If any
+ init container fails, the pod is considered to have failed and is handled according
+ to its restartPolicy. The name for an init container or normal container must be
+ unique among all containers.
+ Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken into account during scheduling
+ by finding the highest request/limit for each resource type, and then using the max of
+ of that value or the sum of the normal containers. Limits are applied to init containers
+ in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items:
+ description: A single application container that you want
+ to run within a pod.
+ properties:
+ args:
+ description: |-
+ Arguments to the entrypoint.
+ The container image's CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ command:
+ description: |-
+ Entrypoint array. Not executed within a shell.
+ The container image's ENTRYPOINT is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
+ cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
+ produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot be updated.
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ items:
+ type: string
+ type: array
+ env:
+ description: |-
+ List of environment variables to set in the container.
+ Cannot be updated.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: |-
+ List of sources to populate environment variables in the container.
+ The keys defined within a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container is starting. When a key exists in multiple
+ sources, the value associated with the last source will take precedence.
+ Values defined by an Env with a duplicate key will take precedence.
+ Cannot be updated.
+ items:
+ description: EnvFromSource represents the source of
+ a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: Specify whether the Secret must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: |-
+ Container image name.
+ More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config management to default or override
+ container images in workload controllers like Deployments and StatefulSets.
+ type: string
+ imagePullPolicy:
+ description: |-
+ Image pull policy.
+ One of Always, Never, IfNotPresent.
+ Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ type: string
+ lifecycle:
+ description: |-
+ Actions that the management system should take in response to container lifecycle events.
+ Cannot be updated.
+ properties:
+ postStart:
+ description: |-
+ PostStart is called immediately after a container is created. If the handler fails,
+ the container is terminated and restarted according to its restart policy.
+ Other management of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: |-
+ PreStop is called immediately before a container is terminated due to an
+ API request or management event such as liveness/startup probe failure,
+ preemption, resource contention, etc. The handler is not called if the
+ container crashes or exits. The Pod's termination grace period countdown begins before the
+ PreStop hook is executed. Regardless of the outcome of the handler, the
+ container will eventually terminate within the Pod's termination grace
+ period (unless delayed by finalizers). Other management of the container blocks until the hook completes
+ or until the termination grace period is reached.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ sleep:
+ description: Sleep represents the duration that
+ the container should sleep before being terminated.
+ properties:
+ seconds:
+ description: Seconds is the number of seconds
+ to sleep.
+ format: int64
+ type: integer
+ required:
+ - seconds
+ type: object
+ tcpSocket:
+ description: |-
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept
+ for the backward compatibility. There are no validation of this field and
+ lifecycle hooks will fail in runtime when tcp handler is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: |-
+ Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: |-
+ Name of the container specified as a DNS_LABEL.
+ Each container in a pod must have a unique name (DNS_LABEL).
+ Cannot be updated.
+ type: string
+ ports:
+ description: |-
+ List of ports to expose from the container. Not specifying a port here
+ DOES NOT prevent that port from being exposed. Any port which is
+ listening on the default "0.0.0.0" address inside a container will be
+ accessible from the network.
+ Modifying this array with strategic merge patch may corrupt the data.
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network port
+ in a single container.
+ properties:
+ containerPort:
+ description: |-
+ Number of port to expose on the pod's IP address.
+ This must be a valid port number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: |-
+ Number of port to expose on the host.
+ If specified, this must be a valid port number, 0 < x < 65536.
+ If HostNetwork is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: |-
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each
+ named port in a pod must have a unique name. Name for the port that can be
+ referred to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: |-
+ Protocol for port. Must be UDP, TCP, or SCTP.
+ Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: |-
+ Periodic probe of container service readiness.
+ Container will be removed from service endpoints if the probe fails.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents resource
+ resize policy for the container.
+ properties:
+ resourceName:
+ description: |-
+ Name of the resource to which this resource resize policy applies.
+ Supported values: cpu, memory.
+ type: string
+ restartPolicy:
+ description: |-
+ Restart policy to apply when specified resource is resized.
+ If not specified, it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: |-
+ Compute Resources required by this container.
+ Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ restartPolicy:
+ description: |-
+ RestartPolicy defines the restart behavior of individual containers in a pod.
+ This field may only be set for init containers, and the only allowed value is "Always".
+ For non-init containers or when this field is not specified,
+ the restart behavior is defined by the Pod's restart policy and the container type.
+ Setting the RestartPolicy as "Always" for the init container will have the following effect:
+ this init container will be continually restarted on
+ exit until all regular containers have terminated. Once all regular
+ containers have completed, all init containers with restartPolicy "Always"
+ will be shut down. This lifecycle differs from normal init containers and
+ is often referred to as a "sidecar" container. Although this init
+ container still starts in the init container sequence, it does not wait
+ for the container to complete before proceeding to the next init
+ container. Instead, the next init container starts immediately after this
+ init container is started, or after any startupProbe has successfully
+ completed.
+ type: string
+ securityContext:
+ description: |-
+ SecurityContext defines the security options the container should be run with.
+ If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ properties:
+ allowPrivilegeEscalation:
+ description: |-
+ AllowPrivilegeEscalation controls whether a process can gain more
+ privileges than its parent process. This bool directly controls if
+ the no_new_privs flag will be set on the container process.
+ AllowPrivilegeEscalation is true always when the container is:
+ 1) run as Privileged
+ 2) has CAP_SYS_ADMIN
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ capabilities:
+ description: |-
+ The capabilities to add/drop when running containers.
+ Defaults to the default set of capabilities granted by the container runtime.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX capabilities
+ type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: |-
+ Run container in privileged mode.
+ Processes in privileged containers are essentially equivalent to root on the host.
+ Defaults to false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: |-
+ procMount denotes the type of proc mount to use for the containers.
+ The default is DefaultProcMount which uses the container runtime defaults for
+ readonly paths and masked paths.
+ This requires the ProcMountType feature flag to be enabled.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: |-
+ Whether this container has a read-only root filesystem.
+ Default is false.
+ Note that this field cannot be set when spec.os.name is windows.
+ type: boolean
+ runAsGroup:
+ description: |-
+ The GID to run the entrypoint of the container process.
+ Uses runtime default if unset.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: |-
+ Indicates that the container must run as a non-root user.
+ If true, the Kubelet will validate the image at runtime to ensure that it
+ does not run as UID 0 (root) and fail to start the container if it does.
+ If unset or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: |-
+ The UID to run the entrypoint of the container process.
+ Defaults to user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: |-
+ The SELinux context to be applied to the container.
+ If unspecified, the container runtime will allocate a random SELinux context for each
+ container. May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: |-
+ The seccomp options to use by this container. If seccomp options are
+ provided at both the pod & container level, the container options
+ override the pod options.
+ Note that this field cannot be set when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: |-
+ localhostProfile indicates a profile defined in a file on the node should be used.
+ The profile must be preconfigured on the node to work.
+ Must be a descending path, relative to the kubelet's configured seccomp profile location.
+ Must be set if type is "Localhost". Must NOT be set for any other type.
+ type: string
+ type:
+ description: |-
+ type indicates which kind of seccomp profile will be applied.
+ Valid options are:
+
+
+ Localhost - a profile defined in a file on the node should be used.
+ RuntimeDefault - the container runtime default profile should be used.
+ Unconfined - no profile should be applied.
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: |-
+ The Windows specific settings applied to all containers.
+ If unspecified, the options from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: |-
+ GMSACredentialSpec is where the GMSA admission webhook
+ (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
+ GMSA credential spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: |-
+ HostProcess determines if a container should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
+ In addition, if HostProcess is true then HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: |-
+ The UserName in Windows to run the entrypoint of the container process.
+ Defaults to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set in both SecurityContext and
+ PodSecurityContext, the value specified in SecurityContext takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: |-
+ StartupProbe indicates that the Pod has successfully initialized.
+ If specified, no other probes are executed until this completes successfully.
+ If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
+ when it might take a long time to load data or warm a cache, than during steady-state operation.
+ This cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: |-
+ Command is the command line to execute inside the container, the working directory for the
+ command is root ('/') in the container's filesystem. The command is simply exec'd, it is
+ not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use
+ a shell, you need to explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: |-
+ Minimum consecutive failures for the probe to be considered failed after having succeeded.
+ Defaults to 3. Minimum value is 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: |-
+ Service is the name of the service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+
+
+ If this is not specified, the default behavior is defined by gRPC.
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: |-
+ Host name to connect to, defaults to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the request.
+ HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: |-
+ The header field name.
+ This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Name or number of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: |-
+ Scheme to use for connecting to the host.
+ Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: |-
+ Number of seconds after the container has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ periodSeconds:
+ description: |-
+ How often (in seconds) to perform the probe.
+ Default to 10 seconds. Minimum value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: |-
+ Minimum consecutive successes for the probe to be considered successful after having failed.
+ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ Number or name of the port to access on the container.
+ Number must be in the range 1 to 65535.
+ Name must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: |-
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure.
+ The grace period is the duration in seconds after the processes running in the pod are sent
+ a termination signal and the time when the processes are forcibly halted with a kill signal.
+ Set this value longer than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this
+ value overrides the value provided by the pod spec.
+ Value must be non-negative integer. The value zero indicates stop immediately via
+ the kill signal (no opportunity to shut down).
+ This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate.
+ Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: |-
+ Number of seconds after which the probe times out.
+ Defaults to 1 second. Minimum value is 1.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: |-
+ Whether this container should allocate a buffer for stdin in the container runtime. If this
+ is not set, reads from stdin in the container will always result in EOF.
+ Default is false.
+ type: boolean
+ stdinOnce:
+ description: |-
+ Whether the container runtime should close the stdin channel after it has been opened by
+ a single attach. When stdin is true the stdin stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the
+ first client attaches to stdin, and then remains open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed until the container is restarted. If this
+ flag is false, a container processes that reads from stdin will never receive an EOF.
+ Default is false
+ type: boolean
+ terminationMessagePath:
+ description: |-
+ Optional: Path at which the file to which the container's termination message
+ will be written is mounted into the container's filesystem.
+ Message written is intended to be brief final status, such as an assertion failure message.
+ Will be truncated by the node if greater than 4096 bytes. The total message length across
+ all containers will be limited to 12kb.
+ Defaults to /dev/termination-log.
+ Cannot be updated.
+ type: string
+ terminationMessagePolicy:
+ description: |-
+ Indicate how the termination message should be populated. File will use the contents of
+ terminationMessagePath to populate the container status message on both success and failure.
+ FallbackToLogsOnError will use the last chunk of container log output if the termination
+ message file is empty and the container exited with an error.
+ The log output is limited to 2048 bytes or 80 lines, whichever is smaller.
+ Defaults to File.
+ Cannot be updated.
+ type: string
+ tty:
+ description: |-
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true.
+ Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block devices
+ to be used by the container.
+ items:
+ description: volumeDevice describes a mapping of a
+ raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside of
+ the container that the device will be mapped
+ to.
+ type: string
+ name:
+ description: name must match the name of a persistentVolumeClaim
+ in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: |-
+ Pod volumes to mount into the container's filesystem.
+ Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting of a
+ Volume within a container.
+ properties:
+ mountPath:
+ description: |-
+ Path within the container at which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: |-
+ mountPropagation determines how mounts are propagated from the host
+ to container and the other way around.
+ When not set, MountPropagationNone is used.
+ This field is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a Volume.
+ type: string
+ readOnly:
+ description: |-
+ Mounted read-only if true, read-write otherwise (false or unspecified).
+ Defaults to false.
+ type: boolean
+ subPath:
+ description: |-
+ Path within the volume from which the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: |-
+ Expanded path within the volume from which the container's volume should be mounted.
+ Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.
+ Defaults to "" (volume's root).
+ SubPathExpr and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: |-
+ Container's working directory.
+ If not specified, the container runtime's default will be used, which
+ might be configured in the container image.
+ Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ volumes:
+ description: |-
+ List of volumes that can be mounted by containers belonging to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes
+ items:
+ description: Volume represents a named volume in a pod that
+ may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: |-
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly value true will force the readOnly setting in VolumeMounts.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: boolean
+ volumeID:
+ description: |-
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data Disk
+ mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching mode:
+ None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data disk
+ in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk in
+ the blob storage
+ type: string
+ fsType:
+ description: |-
+ fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared: multiple
+ blob disks per storage account Dedicated: single
+ blob disk per storage account Managed: azure
+ managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File Service
+ mount on the host and bind mount to the pod.
+ properties:
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret that
+ contains Azure Storage Account Name and Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on the
+ host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: |-
+ monitors is Required: Monitors is a collection of Ceph monitors
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the mounted
+ root, rather than the full Ceph tree, default
+ is /'
+ type: string
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: boolean
+ secretFile:
+ description: |-
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ secretRef:
+ description: |-
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is optional: User is the rados user name, default is admin
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: |-
+ cinder represents a cinder volume attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is optional: points to a secret object containing parameters used to connect
+ to OpenStack.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: |-
+ volumeID used to identify the volume in cinder.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that should
+ populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: |-
+ driver is the name of the CSI driver that handles this volume.
+ Consult with your admin for the correct name as registered in the cluster.
+ type: string
+ fsType:
+ description: |-
+ fsType to mount. Ex. "ext4", "xfs", "ntfs".
+ If not provided, the empty value is passed to the associated CSI driver
+ which will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: |-
+ nodePublishSecretRef is a reference to the secret object containing
+ sensitive information to pass to the CSI driver to complete the CSI
+ NodePublishVolume and NodeUnpublishVolume calls.
+ This field is optional, and may be empty if no secret is required. If the
+ secret object contains more than one secret, all secret references are passed.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: |-
+ readOnly specifies a read-only configuration for the volume.
+ Defaults to false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: |-
+ volumeAttributes stores driver-specific properties that are passed to the CSI
+ driver. Consult your driver's documentation for supported values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API about
+ the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: |-
+ Optional: mode bits to use on created files by default. Must be a
+ Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API volume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing the
+ pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field of
+ the pod: only annotations, labels, name
+ and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of, defaults
+ to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created. Must
+ not be absolute or contain the ''..'' path.
+ Must be utf-8 encoded. The first item of
+ the relative path must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: |-
+ emptyDir represents a temporary directory that shares a pod's lifetime.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ properties:
+ medium:
+ description: |-
+ medium represents what type of storage medium should back this directory.
+ The default is "" which means to use the node's default medium.
+ Must be an empty string (default) or Memory.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ sizeLimit is the total amount of local storage required for this EmptyDir volume.
+ The size limit is also applicable for memory medium.
+ The maximum usage on memory medium EmptyDir would be the minimum value between
+ the SizeLimit specified here and the sum of memory limits of all containers in a pod.
+ The default is nil which means that the limit is undefined.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: |-
+ ephemeral represents a volume that is handled by a cluster storage driver.
+ The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts,
+ and deleted when the pod is removed.
+
+
+ Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from snapshot or capacity
+ tracking are needed,
+ c) the storage driver is specified through a storage class, and
+ d) the storage driver supports dynamic volume provisioning through
+ a PersistentVolumeClaim (see EphemeralVolumeSource for more
+ information on the connection between this volume type
+ and PersistentVolumeClaim).
+
+
+ Use PersistentVolumeClaim or one of the vendor-specific
+ APIs for volumes that persist for longer than the lifecycle
+ of an individual pod.
+
+
+ Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to
+ be used that way - see the documentation of the driver for
+ more information.
+
+
+ A pod can use both types of ephemeral volumes and
+ persistent volumes at the same time.
+ properties:
+ volumeClaimTemplate:
+ description: |-
+ Will be used to create a stand-alone PVC to provision the volume.
+ The pod in which this EphemeralVolumeSource is embedded will be the
+ owner of the PVC, i.e. the PVC will be deleted together with the
+ pod. The name of the PVC will be `<pod name>-<volume name>` where
+ `<volume name>` is the name from the `PodSpec.Volumes` array
+ entry. Pod validation will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+
+
+ An existing PVC with that name that is not owned by the pod
+ will *not* be used for the pod to avoid using an unrelated
+ volume by mistake. Starting the pod is then blocked until
+ the unrelated PVC is removed. If such a pre-created PVC is
+ meant to be used by the pod, the PVC has to updated with an
+ owner reference to the pod once the pod exists. Normally
+ this should not be necessary, but it may be useful when
+ manually reconstructing a broken cluster.
+
+
+ This field is read-only and no changes will be made by Kubernetes
+ to the PVC after it has been created.
+
+
+ Required, must not be nil.
+ properties:
+ metadata:
+ description: |-
+ May contain labels and annotations that will be copied into the PVC
+ when creating it. No other fields are allowed and will be rejected during
+ validation.
+ type: object
+ spec:
+ description: |-
+ The specification for the PersistentVolumeClaim. The entire content is
+ copied unchanged into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: |-
+ accessModes contains the desired access modes the volume should have.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: |-
+ dataSource field can be used to specify either:
+ * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external controller can support the specified data source,
+ it will create a new volume based on the contents of the specified data source.
+ When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified.
+ If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: |-
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty
+ volume is desired. This may be any object from a non-empty API group (non
+ core object) or a PersistentVolumeClaim object.
+ When this field is specified, volume binding will only succeed if the type of
+ the specified object matches some installed volume populator or dynamic
+ provisioner.
+ This field will replace the functionality of the dataSource field and as such
+ if both fields are non-empty, they must have the same value. For backwards
+ compatibility, when namespace isn't specified in dataSourceRef,
+ both fields (dataSource and dataSourceRef) will be set to the same
+ value automatically if one of them is empty and the other is non-empty.
+ When namespace is specified in dataSourceRef,
+ dataSource isn't set to the same value and must be empty.
+ There are three important differences between dataSource and dataSourceRef:
+ * While dataSource only allows two specific types of objects, dataSourceRef
+ allows any non-core object, as well as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed values (dropping them), dataSourceRef
+ preserves all values, and generates an error if a disallowed value is
+ specified.
+ * While dataSource only allows local objects, dataSourceRef allows objects
+ in any namespaces.
+ (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled.
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource
+ being referenced
+ type: string
+ name:
+ description: Name is the name of resource
+ being referenced
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of resource being referenced
+ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details.
+ (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: |-
+ resources represents the minimum resources the volume should have.
+ If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements
+ that are lower than previous value but must still be higher than capacity recorded in the
+ status field of the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ properties:
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ selector:
+ description: selector is a label query over
+ volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: |-
+ storageClassName is the name of the StorageClass required by the claim.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ type: string
+ volumeAttributesClassName:
+ description: |-
+ volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.
+ If specified, the CSI driver will create or update the volume with the attributes defined
+ in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,
+ it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass
+ will be applied to the claim but it's not allowed to reset this field to empty string once it is set.
+ If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass
+ will be set by the persistentvolume controller if it exists.
+ If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be
+ set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource
+ exists.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass
+ (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.
+ type: string
+ volumeMode:
+ description: |-
+ volumeMode defines what type of volume is required by the claim.
+ Value of Filesystem is implied when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding reference
+ to the PersistentVolume backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and then
+ exposed to the pod.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun number'
+ format: int32
+ type: integer
+ readOnly:
+ description: |-
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: |-
+ wwids Optional: FC volume world wide identifiers (wwids)
+ Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: |-
+ flexVolume represents a generic volume resource that is
+ provisioned/attached using an exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver to
+ use for this volume.
+ type: string
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field holds
+ extra command options if any.'
+ type: object
+ readOnly:
+ description: |-
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is Optional: secretRef is reference to the secret object containing
+ sensitive information to pass to the plugin scripts. This may be
+ empty if no secret object is specified. If the secret object
+ contains more than one secret, all secrets are passed to the plugin
+ scripts.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume attached
+ to a kubelet's host machine. This depends on the Flocker
+ control service being running
+ properties:
+ datasetName:
+ description: |-
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker
+ should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the dataset.
+ This is unique identifier of a Flocker dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: |-
+ gcePersistentDisk represents a GCE Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ partition:
+ description: |-
+ partition is the partition in the volume that you want to mount.
+ If omitted, the default is to mount by volume name.
+ Examples: For volume /dev/sda1, you specify the partition as "1".
+ Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ format: int32
+ type: integer
+ pdName:
+ description: |-
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: |-
+ gitRepo represents a git repository at a particular revision.
+ DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an
+ EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir
+ into the Pod's container.
+ properties:
+ directory:
+ description: |-
+ directory is the target directory name.
+ Must not contain or start with '..'. If '.' is supplied, the volume directory will be the
+ git repository. Otherwise, if specified, the volume will contain the git repository in
+ the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for the
+ specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: |-
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ properties:
+ endpoints:
+ description: |-
+ endpoints is the endpoint name that details Glusterfs topology.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ path:
+ description: |-
+ path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: |-
+ hostPath represents a pre-existing file or directory on the host
+ machine that is directly exposed to the container. This is generally
+ used for system agents or other privileged things that are allowed
+ to see the host machine. Most containers will NOT need this.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ ---
+ TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not
+ mount host directories as read/write.
+ properties:
+ path:
+ description: |-
+ path of the directory on the host.
+ If the path is a symlink, it will follow the link to the real path.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ type:
+ description: |-
+ type for HostPath Volume
+ Defaults to ""
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: |-
+ iscsi represents an ISCSI Disk resource that is attached to a
+ kubelet's host machine and then exposed to the pod.
+ More info: https://examples.k8s.io/volumes/iscsi/README.md
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether support
+ iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether support
+ iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ initiatorName:
+ description: |-
+ initiatorName is the custom iSCSI Initiator Name.
+ If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface
+ <target portal>:<volume name> will be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified Name.
+ type: string
+ iscsiInterface:
+ description: |-
+ iscsiInterface is the interface Name that uses an iSCSI transport.
+ Defaults to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun number.
+ format: int32
+ type: integer
+ portals:
+ description: |-
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for iSCSI
+ target and initiator authentication
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: |-
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port
+ is other than default (typically TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: |-
+ name of the volume.
+ Must be a DNS_LABEL and unique within the pod.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ nfs:
+ description: |-
+ nfs represents an NFS mount on the host that shares a pod's lifetime
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ properties:
+ path:
+ description: |-
+ path that is exported by the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the NFS export to be mounted with read-only permissions.
+ Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: boolean
+ server:
+ description: |-
+ server is the hostname or IP address of the NFS server.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: |-
+ persistentVolumeClaimVolumeSource represents a reference to a
+ PersistentVolumeClaim in the same namespace.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ properties:
+ claimName:
+ description: |-
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ type: string
+ readOnly:
+ description: |-
+ readOnly Will force the ReadOnly setting in VolumeMounts.
+ Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets host
+ machine
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies Photon
+ Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fSType represents the filesystem type to mount
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a Portworx
+ volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode are the mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ clusterTrustBundle:
+ description: |-
+ ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field
+ of ClusterTrustBundle objects in an auto-updating file.
+
+
+ Alpha, gated by the ClusterTrustBundleProjection feature gate.
+
+
+ ClusterTrustBundle objects can either be selected by name, or by the
+ combination of signer name and a label selector.
+
+
+ Kubelet performs aggressive normalization of the PEM contents written
+ into the pod filesystem. Esoteric PEM features such as inter-block
+ comments and block headers are stripped. Certificates are deduplicated.
+ The ordering of certificates within the file is arbitrary, and Kubelet
+ may change the order over time.
+ properties:
+ labelSelector:
+ description: |-
+ Select all ClusterTrustBundles that match this label selector. Only has
+ effect if signerName is set. Mutually-exclusive with name. If unset,
+ interpreted as "match nothing". If set but empty, interpreted as "match
+ everything".
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ name:
+ description: |-
+ Select a single ClusterTrustBundle by object name. Mutually-exclusive
+ with signerName and labelSelector.
+ type: string
+ optional:
+ description: |-
+ If true, don't block pod startup if the referenced ClusterTrustBundle(s)
+ aren't available. If using name, then the named ClusterTrustBundle is
+ allowed not to exist. If using signerName, then the combination of
+ signerName and labelSelector is allowed to match zero
+ ClusterTrustBundles.
+ type: boolean
+ path:
+ description: Relative path from the volume
+ root to write the bundle.
+ type: string
+ signerName:
+ description: |-
+ Select all ClusterTrustBundles that match this signer name.
+ Mutually-exclusive with name. The contents of all selected
+ ClusterTrustBundles will be unified and deduplicated.
+ type: string
+ required:
+ - path
+ type: object
+ configMap:
+ description: configMap information about the
+ configMap data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ ConfigMap will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the ConfigMap,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace are
+ supported.'
+ properties:
+ apiVersion:
+ description: Version of the
+ schema the FieldPath is written
+ in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field
+ to select in the specified
+ API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: |-
+ Optional: mode bits used to set permissions on this file, must be an octal value
+ between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the
+ relative path name of the file
+ to be created. Must not be absolute
+ or contain the ''..'' path. Must
+ be utf-8 encoded. The first item
+ of the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name:
+ required for volumes, optional
+ for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource
+ to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about the
+ secret data to project
+ properties:
+ items:
+ description: |-
+ items if unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a
+ path within a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ optional:
+ description: optional field specify whether
+ the Secret or its key must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to project
+ properties:
+ audience:
+ description: |-
+ audience is the intended audience of the token. A recipient of a token
+ must identify itself with an identifier specified in the audience of the
+ token, and otherwise should reject the token. The audience defaults to the
+ identifier of the apiserver.
+ type: string
+ expirationSeconds:
+ description: |-
+ expirationSeconds is the requested duration of validity of the service
+ account token. As the token approaches expiration, the kubelet volume
+ plugin will proactively rotate the service account token. The kubelet will
+ start trying to rotate the token if the token is older than 80 percent of
+ its time to live or if the token is older than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: |-
+ path is the path relative to the mount point of the file to project the
+ token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount on the
+ host that shares a pod's lifetime
+ properties:
+ group:
+ description: |-
+ group to map volume access to
+ Default is no group
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: |-
+ registry represents a single or multiple Quobyte Registry services
+ specified as a string as host:port pair (multiple entries are separated with commas)
+ which acts as the central registry for volumes
+ type: string
+ tenant:
+ description: |-
+ tenant owning the given Quobyte volume in the Backend
+ Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ type: string
+ user:
+ description: |-
+ user to map volume access to
+ Defaults to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: |-
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type of the volume that you want to mount.
+ Tip: Ensure that the filesystem type is supported by the host operating system.
+ Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem from compromising the machine
+ type: string
+ image:
+ description: |-
+ image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ keyring:
+ description: |-
+ keyring is the path to key ring for RBDUser.
+ Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ monitors:
+ description: |-
+ monitors is a collection of Ceph monitors.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ items:
+ type: string
+ type: array
+ pool:
+ description: |-
+ pool is the rados pool name.
+ Default is rbd.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ readOnly:
+ description: |-
+ readOnly here will force the ReadOnly setting in VolumeMounts.
+ Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef is name of the authentication secret for RBDUser. If provided
+ overrides keyring.
+ Default is nil.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: |-
+ user is the rados user name.
+ Default is admin.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs".
+ Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of the
+ ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of the
+ ScaleIO Protection Domain for the configured storage.
+ type: string
+ readOnly:
+ description: |-
+ readOnly Defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef references to the secret for ScaleIO user and other
+ sensitive information. If this is not provided, Login operation will fail.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable SSL
+ communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: |-
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned.
+ Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage system
+ as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: |-
+ volumeName is the name of a volume already created in the ScaleIO system
+ that is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: |-
+ secret represents a secret that should populate this volume.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ properties:
+ defaultMode:
+ description: |-
+ defaultMode is Optional: mode bits used to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values
+ for mode bits. Defaults to 0644.
+ Directories within the path are not affected by this setting.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ items:
+ description: |-
+ items If unspecified, each key-value pair in the Data field of the referenced
+ Secret will be projected into the volume as a file whose name is the
+ key and content is the value. If specified, the listed keys will be
+ projected into the specified paths, and unlisted keys will not be
+ present. If a key is specified which is not present in the Secret,
+ the volume setup will error unless it is marked optional. Paths must be
+ relative and may not contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: |-
+ mode is Optional: mode bits used to set permissions on this file.
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.
+ If not specified, the volume defaultMode will be used.
+ This might be in conflict with other options that affect the file
+ mode, like fsGroup, and the result can be other mode bits set.
+ format: int32
+ type: integer
+ path:
+ description: |-
+ path is the relative path of the file to map the key to.
+ May not be an absolute path.
+ May not contain the path element '..'.
+ May not start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether the
+ Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: |-
+ secretName is the name of the secret in the pod's namespace to use.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: |-
+ fsType is the filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ readOnly:
+ description: |-
+ readOnly defaults to false (read/write). ReadOnly here will force
+ the ReadOnly setting in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: |-
+ secretRef specifies the secret to use for obtaining the StorageOS API
+ credentials. If not specified, default values will be attempted.
+ properties:
+ name:
+ description: |-
+ Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind, uid?
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: |-
+ volumeName is the human-readable name of the StorageOS volume. Volume
+ names are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: |-
+ volumeNamespace specifies the scope of the volume within StorageOS. If no
+ namespace is specified then the Pod's namespace will be used. This allows the
+ Kubernetes name scoping to be mirrored within StorageOS for tighter integration.
+ Set VolumeName to any name to override the default behaviour.
+ Set to "default" if you are not using namespaces within StorageOS.
+ Namespaces that do not pre-exist within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere volume
+ attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: |-
+ fsType is filesystem type to mount.
+ Must be a filesystem type supported by the host operating system.
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage Policy
+ Based Management (SPBM) profile ID associated
+ with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage Policy
+ Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ required:
+ - containers
+ type: object
+ type: object
+ topology:
+ description: |-
+ Topology represents the desired topology, it's represented by the 'Nodes' field, a list of nodes where the switches are going to be deployed and a list of bidirectional links,
+ selecting the nodes that are going to be linked.
+ properties:
+ links:
+ items:
+ type: string
+ type: array
+ nodes:
+ items:
+ type: string
+ type: array
+ required:
+ - links
+ - nodes
+ type: object
+ required:
+ - networkController
+ - switchTemplate
+ type: object
+ status:
+ description: OverlayStatus defines the observed state of Overlay
+ properties:
+ connectedNeighbors:
+ items:
+ properties:
+ domain:
+ description: |-
+ Domain where the neighbor's NED switch can be reached at. Must be a valid IP Address or Domain name, reachable from the node the NED
+ is going to be deployed at.
+ type: string
+ node:
+ description: Name of the cluster the link is going to be made
+ upon.
+ type: string
+ required:
+ - domain
+ - node
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: leader-election-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: role
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-leader-election-role
+ namespace: l2sm-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: l2sm-manager-role
+rules:
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - l2networks/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - networkedgedevices/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - l2sm.l2sm.k8s.local
+ resources:
+ - overlays/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: metrics-reader
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: proxy-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-leader-election-rolebinding
+ namespace: l2sm-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: l2sm-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: l2sm-manager-role
+subjects:
+- kind: ServiceAccount
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: proxy-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: l2network
+ name: l2sm-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: l2sm-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: controller-manager-metrics-service
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: service
+ app.kubernetes.io/part-of: l2network
+ control-plane: controller-manager
+ name: l2sm-controller-manager-metrics-service
+ namespace: l2sm-system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: l2network
+ app.kubernetes.io/instance: controller-manager
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: deployment
+ app.kubernetes.io/part-of: l2network
+ control-plane: controller-manager
+ name: l2sm-controller-manager
+ namespace: l2sm-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ env:
+ - name: CONTROLLER_IP
+ value: l2sm-controller-service.default.svc.cluster.local
+ image: alexdecb/l2sm-controller-manager:2.4
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: l2sm-controller-manager
+ terminationGracePeriodSeconds: 10
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: l2sm-operator
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ l2sm-component: l2sm-opt
+ template:
+ metadata:
+ labels:
+ l2sm-component: l2sm-opt
+ spec:
+ serviceAccountName: l2sm-operator
+ initContainers:
+ - name: wait-for-l2sm-controller
+ image: curlimages/curl
+ args:
+ - /bin/sh
+ - -c
+ - >
+ set -x;
+ while [ $(curl -sw '%{http_code}' "http://l2sm-controller-service:8181/onos/ui" -o /dev/null) -ne 302 ]; do
+ sleep 15;
+ done;
+ sleep 5;
+ containers:
+ - image: alexdecb/l2sm-operator:2.4
+ name: l2sm-opt-pod
+ env:
+ - name: CONTROLLER_IP
+ value: l2sm-controller-service
+ - name: DATABASE_IP
+ value: mysql-development-service
+ - name: MYSQL_USER
+ value: l2sm
+ - name: MYSQL_PASSWORD
+ value: l2sm
+ - name: MYSQL_DATABASE
+ value: l2sm
+ # imagePullPolicy: Always
+ nodeSelector:
+ dedicated: master
+ tolerations:
+ - key: dedicated
+ operator: Equal
+ value: master
+ effect: NoSchedule
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: l2sm-operator-service
+spec:
+ ports:
+ - protocol: TCP
+ port: 8080
+ targetPort: 8080
+ selector:
+ l2sm-component: l2sm-opt
+
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: l2sm-switch
+ #namespace: kube-system
+ labels:
+ l2sm-component: l2sm-switch
+spec:
+ selector:
+ matchLabels:
+ l2sm-component: l2sm-switch
+ template:
+ metadata:
+ labels:
+ l2sm-component: l2sm-switch
+ annotations:
+ k8s.v1.cni.cncf.io/networks: '[{ "name": "veth1", "ips": ["fe80::58d0:b8ff:fe42:debf/64"]}, { "name": "veth2", "ips": ["fe80::58d0:b8ff:fe42:debe/64"]}, { "name": "veth3", "ips": ["fe80::58d0:b8ff:fe42:debd/64"]}, { "name": "veth4", "ips": ["fe80::58d0:b8ff:fe42:debc/64"]}, { "name": "veth5", "ips": ["fe80::58d0:b8ff:fe42:debb/64"]}, { "name": "veth6", "ips": ["fe80::58d0:b8ff:fe42:deba/64"]}, { "name": "veth7", "ips": ["fe80::58d0:b8ff:fe42:deb9/64"]}, { "name": "veth8", "ips": ["fe80::58d0:b8ff:fe42:deb8/64"]}, { "name": "veth9", "ips": ["fe80::58d0:b8ff:fe42:deb7/64"]}, { "name": "veth10", "ips": ["fe80::58d0:b8ff:fe42:deb6/64"]}]'
+ spec:
+ tolerations:
+ # this toleration is to have the daemonset runnable on master nodes
+ # remove it if your masters can't run pods
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ initContainers:
+ - name: wait-for-l2sm-operator
+ image: curlimages/curl
+ args:
+ - /bin/sh
+ - -c
+ - >
+ set -x;
+ while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
+ sleep 15;
+ done;
+ sleep 5;
+ containers:
+ - name: l2sm-switch
+ image: alexdecb/l2sm-switch:2.4
+ # imagePullPolicy: Always
+ #args: ["setup_switch.sh && sleep infinity"]
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: NVETHS
+ value: "10"
+ - name: CONTROLLERIP
+ value: "l2sm-controller-service"
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ nodeSelector:
+ kubernetes.io/arch: amd64
+
+---
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: veth10
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "bridge",
+ "bridge": "br10",
+ "mtu": 1400,
+ "device": "veth10",
+ "ipam": {
+ "type":"static"
+ }
+ }'
+---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
@@ -15,6 +9853,7 @@ spec:
}
}'
---
+
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
@@ -31,6 +9870,7 @@ spec:
}
}'
---
+
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
@@ -47,6 +9887,7 @@ spec:
}
}'
---
+
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
@@ -63,6 +9904,7 @@ spec:
}
}'
---
+
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
@@ -79,6 +9921,7 @@ spec:
}
}'
---
+
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
@@ -112,6 +9955,7 @@ spec:
}
}'
---
+
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
@@ -128,6 +9972,7 @@ spec:
}
}'
---
+
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
@@ -144,192 +9989,6 @@ spec:
}
}'
---
-apiVersion: "k8s.cni.cncf.io/v1"
-kind: NetworkAttachmentDefinition
-metadata:
- name: veth10
-spec:
- config: '{
- "cniVersion": "0.3.0",
- "type": "bridge",
- "bridge": "br10",
- "mtu": 1400,
- "device": "veth10",
- "ipam": {
- "type":"static"
- }
- }'
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: l2sm-operator
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: l2sm-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
- - kind: ServiceAccount
- name: l2sm-operator
- namespace: default
----
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: mysql-pv
- labels:
- type: local
-spec:
- storageClassName: manual
- capacity:
- storage: 2Gi
- accessModes:
- - ReadWriteOnce
- hostPath:
- path: "/mnt/data"
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: mysql-pv-claim
-spec:
- storageClassName: manual
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 2Gi
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: l2sm-controller
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: l2sm-controller
- template:
- metadata:
- labels:
- app: l2sm-controller
- spec:
- containers:
- - name: l2sm-controller
- image: alexdecb/l2sm-controller:2.2
- readinessProbe:
- httpGet:
- path: /onos/ui
- port: 8181
- initialDelaySeconds: 30
- periodSeconds: 10
- ports:
- - containerPort: 6633
- - containerPort: 8181
----
-apiVersion: v1
-kind: Service
-metadata:
- name: l2sm-controller-service
-spec:
- selector:
- app: l2sm-controller
- ports:
- - name: of13-port
- protocol: TCP
- port: 6633
- targetPort: 6633
- - name: http-port
- protocol: TCP
- port: 8181
- targetPort: 8181
- type: ClusterIP
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: l2sm-operator
-spec:
- replicas: 1
- strategy:
- type: Recreate
- selector:
- matchLabels:
- l2sm-component: l2sm-opt
- template:
- metadata:
- labels:
- l2sm-component: l2sm-opt
- spec:
- serviceAccountName: l2sm-operator
- initContainers:
- - name: wait-for-l2sm-controller
- image: curlimages/curl
- args:
- - /bin/sh
- - -c
- - >
- set -x;
- while [ $(curl -sw '%{http_code}' "http://l2sm-controller-service:8181/onos/ui" -o /dev/null) -ne 302 ]; do
- sleep 15;
- done;
- sleep 5;
- containers:
- - image: alexdecb/l2sm-operator:2.3
- name: l2sm-opt-pod
- env:
- - name: CONTROLLER_IP
- value: l2sm-controller-service
- #imagePullPolicy: Always
- - name: mysql
- image: mysql:5.7
- envFrom:
- - secretRef:
- name: mysql-secret
- ports:
- - containerPort: 3306
- name: mysql
- volumeMounts:
- - name: mysql-persistent-storage
- mountPath: /var/lib/mysql
- - name: initdb-volume
- mountPath: /docker-entrypoint-initdb.d
- volumes:
- - name: mysql-persistent-storage
- persistentVolumeClaim:
- claimName: mysql-pv-claim
- - name: initdb-volume
- configMap:
- name: mysql-schema
- items:
- - key: init.sql
- path: init.sql
- nodeSelector:
- dedicated: master
- tolerations:
- - key: dedicated
- operator: Equal
- value: master
- effect: NoSchedule
-
----
-apiVersion: v1
-kind: Service
-metadata:
- name: l2sm-operator-service
-spec:
- ports:
- - protocol: TCP
- port: 8080
- targetPort: 8080
- selector:
- l2sm-component: l2sm-opt
----
apiVersion: v1
kind: ConfigMap
metadata:
@@ -392,98 +10051,89 @@ data:
FOREIGN KEY (network_id)
REFERENCES networks(id);
---
-apiVersion: apps/v1
-kind: DaemonSet
+apiVersion: v1
+kind: Pod
metadata:
- name: l2sm-switch
- #namespace: kube-system
+ name: mysql-development-pod
labels:
- l2sm-component: l2sm-switch
+ app: mysql
spec:
- selector:
- matchLabels:
- l2sm-component: l2sm-switch
- template:
- metadata:
- labels:
- l2sm-component: l2sm-switch
- annotations:
- k8s.v1.cni.cncf.io/networks: veth1, veth2, veth3, veth4, veth5, veth6, veth7, veth8, veth9, veth10
- spec:
- tolerations:
- # this toleration is to have the daemonset runnable on master nodes
- # remove it if your masters can't run pods
- - key: node-role.kubernetes.io/master
- operator: Exists
- effect: NoSchedule
- initContainers:
- - name: wait-for-l2sm-operator
- image: curlimages/curl
- args:
- - /bin/sh
- - -c
- - >
- set -x;
- while [ $(curl -sw '%{http_code}' "http://l2sm-operator-service:8080/healthz" -o /dev/null) -ne 200 ]; do
- sleep 15;
- done;
- sleep 5;
- containers:
- - name: l2sm-switch
- image: alexdecb/l2sm-switch:2.2
- #args: ["setup_switch.sh && sleep infinity"]
- env:
- - name: NODENAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: NVETHS
- value: "10"
- - name: CONTROLLERIP
- value: "l2sm-controller-service"
- securityContext:
- capabilities:
- add: ["NET_ADMIN"]
- nodeSelector:
- kubernetes.io/arch: amd64
+ containers:
+ - name: mysql
+ image: mysql:5.7
+ envFrom:
+ - secretRef:
+ name: mysql-secret
+ ports:
+ - containerPort: 3306
+ name: mysql
+ volumeMounts:
+ - name: mysql-persistent-storage
+ mountPath: /var/lib/mysql
+ - name: initdb-volume
+ mountPath: /docker-entrypoint-initdb.d
+ volumes:
+ - name: mysql-persistent-storage
+ persistentVolumeClaim:
+ claimName: mysql-pv-claim
+ - name: initdb-volume
+ configMap:
+ name: mysql-schema
+ items:
+ - key: init.sql
+ path: init.sql
+ nodeName: l2sm1
---
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
+apiVersion: v1
+kind: Service
metadata:
- name: l2sm-networks.l2sm.k8s.local
+ name: mysql-development-service
spec:
- group: l2sm.k8s.local
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- type:
- type: string
- config:
- type: string
- nullable: true
- signature:
- type: string
- nullable: true
- status:
- type: object
- properties:
- connectedPods:
- type: array
- items:
- type: string
- scope: Namespaced
- names:
- plural: l2sm-networks
- singular: l2sm-network
- kind: L2SMNetwork
- shortNames:
- - l2sm-net
+ type: NodePort
+ ports:
+ - port: 3306
+ targetPort: 3306
+ nodePort: 30001
+ protocol: TCP
+ selector:
+ app: mysql
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mysql-secret
+type: Opaque
+data:
+ MYSQL_ROOT_PASSWORD: cGFzc3dvcmQ= # Base64 encoded "password"
+ MYSQL_USER: bDJzbQ== # Base64 encoded "l2sm"
+ MYSQL_PASSWORD: bDJzbQ== # Base64 encoded "l2sm"
+ MYSQL_DATABASE: bDJzbQ==
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: mysql-pv-claim
+spec:
+ storageClassName: manual
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 2Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: mysql-pv
+ labels:
+ type: local
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 2Gi
+ accessModes:
+ - ReadWriteOnce
+ hostPath:
+ path: "/mnt/data"
+---
diff --git a/hack/generateDeployment.sh b/hack/generateDeployment.sh
new file mode 100755
index 0000000000000000000000000000000000000000..1aeb1a54a50b80342016a9fa49c0692bf474b7e6
--- /dev/null
+++ b/hack/generateDeployment.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Define the directory containing the YAML files
+DIRECTORY="./deployments/custom-installation"
+
+# Define the output file
+OUTPUT_FILE="./deployments/l2sm-deployment.yaml"
+
+# Start with an empty output file
+> "$OUTPUT_FILE"
+
+# Find all YAML files within the directory and all subdirectories,
+# concatenate their contents into the output file and add '---' after each file's content
+find "$DIRECTORY" -type f -name '*.yaml' | sort | while read file; do
+ cat "$file" >> "$OUTPUT_FILE"
+ echo "---" >> "$OUTPUT_FILE"
+done
+
+echo "All YAML files, including those within subdirectories, have been concatenated into $OUTPUT_FILE with delimiters."