| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415 |
- ---
- apiVersion: apiextensions.k8s.io/v1
- kind: CustomResourceDefinition
- metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.10.0
- creationTimestamp: null
- name: cronjobs.batch.tutorial.kubebuilder.io
- spec:
- group: batch.tutorial.kubebuilder.io
- names:
- kind: CronJob
- listKind: CronJobList
- plural: cronjobs
- singular: cronjob
- scope: Namespaced
- versions:
- - name: v1
- schema:
- openAPIV3Schema:
- description: CronJob is the Schema for the cronjobs API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: CronJobSpec defines the desired state of CronJob
- properties:
- concurrencyPolicy:
- description: 'Specifies how to treat concurrent executions of a Job.
- Valid values are: - "Allow" (default): allows CronJobs to run concurrently;
- - "Forbid": forbids concurrent runs, skipping next run if previous
- run hasn''t finished yet; - "Replace": cancels currently running
- job and replaces it with a new one'
- enum:
- - Allow
- - Forbid
- - Replace
- type: string
- failedJobsHistoryLimit:
- description: The number of failed finished jobs to retain. This is
- a pointer to distinguish between explicit zero and not specified.
- format: int32
- minimum: 0
- type: integer
- jobTemplate:
- description: Specifies the job that will be created when executing
- a CronJob.
- properties:
- metadata:
- description: 'Standard object''s metadata of the jobs created
- from this template. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
- type: object
- spec:
- description: 'Specification of the desired behavior of the job.
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- activeDeadlineSeconds:
- description: Specifies the duration in seconds relative to
- the startTime that the job may be continuously active before
- the system tries to terminate it; value must be positive
- integer. If a Job is suspended (at creation or through an
- update), this timer will effectively be stopped and reset
- when the Job is resumed again.
- format: int64
- type: integer
- backoffLimit:
- description: Specifies the number of retries before marking
- this job failed. Defaults to 6
- format: int32
- type: integer
- completionMode:
- description: "CompletionMode specifies how Pod completions
- are tracked. It can be `NonIndexed` (default) or `Indexed`.
- \n `NonIndexed` means that the Job is considered complete
- when there have been .spec.completions successfully completed
- Pods. Each Pod completion is homologous to each other. \n
- `Indexed` means that the Pods of a Job get an associated
- completion index from 0 to (.spec.completions - 1), available
- in the annotation batch.kubernetes.io/job-completion-index.
- The Job is considered complete when there is one successfully
- completed Pod for each index. When value is `Indexed`, .spec.completions
- must be specified and `.spec.parallelism` must be less than
- or equal to 10^5. In addition, The Pod name takes the form
- `$(job-name)-$(index)-$(random-string)`, the Pod hostname
- takes the form `$(job-name)-$(index)`. \n More completion
- modes can be added in the future. If the Job controller
- observes a mode that it doesn't recognize, which is possible
- during upgrades due to version skew, the controller skips
- updates for the Job."
- type: string
- completions:
- description: 'Specifies the desired number of successfully
- finished pods the job should be run with. Setting to nil
- means that the success of any pod signals the success of
- all pods, and allows parallelism to have any positive value. Setting
- to 1 means that parallelism is limited to 1 and the success
- of that pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
- format: int32
- type: integer
- manualSelector:
- description: 'manualSelector controls generation of pod labels
- and pod selectors. Leave `manualSelector` unset unless you
- are certain what you are doing. When false or unset, the
- system pick labels unique to this job and appends those
- labels to the pod template. When true, the user is responsible
- for picking unique labels and specifying the selector. Failure
- to pick a unique label may cause this and other jobs to
- not function correctly. However, You may see `manualSelector=true`
- in jobs that were created with the old `extensions/v1beta1`
- API. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector'
- type: boolean
- parallelism:
- description: 'Specifies the maximum desired number of pods
- the job should run at any given time. The actual number
- of pods running in steady state will be less than this number
- when ((.spec.completions - .status.successful) < .spec.parallelism),
- i.e. when the work left to do is less than max parallelism.
- More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
- format: int32
- type: integer
- podFailurePolicy:
- description: "Specifies the policy of handling failed pods.
- In particular, it allows to specify the set of actions and
- conditions which need to be satisfied to take the associated
- action. If empty, the default behaviour applies - the counter
- of failed pods, represented by the jobs's .status.failed
- field, is incremented and it is checked against the backoffLimit.
- This field cannot be used in combination with restartPolicy=OnFailure.
- \n This field is alpha-level. To use this field, you must
- enable the `JobPodFailurePolicy` feature gate (disabled
- by default)."
- properties:
- rules:
- description: A list of pod failure policy rules. The rules
- are evaluated in order. Once a rule matches a Pod failure,
- the remaining of the rules are ignored. When no rule
- matches the Pod failure, the default handling applies
- - the counter of pod failures is incremented and it
- is checked against the backoffLimit. At most 20 elements
- are allowed.
- items:
- description: PodFailurePolicyRule describes how a pod
- failure is handled when the requirements are met.
- One of OnExitCodes and onPodConditions, but not both,
- can be used in each rule.
- properties:
- action:
- description: 'Specifies the action taken on a pod
- failure when the requirements are satisfied. Possible
- values are: - FailJob: indicates that the pod''s
- job is marked as Failed and all running pods are
- terminated. - Ignore: indicates that the counter
- towards the .backoffLimit is not incremented and
- a replacement pod is created. - Count: indicates
- that the pod is handled in the default way - the
- counter towards the .backoffLimit is incremented.
- Additional values are considered to be added in
- the future. Clients should react to an unknown
- action by skipping the rule.'
- type: string
- onExitCodes:
- description: Represents the requirement on the container
- exit codes.
- properties:
- containerName:
- description: Restricts the check for exit codes
- to the container with the specified name.
- When null, the rule applies to all containers.
- When specified, it should match one the container
- or initContainer names in the pod template.
- type: string
- operator:
- description: 'Represents the relationship between
- the container exit code(s) and the specified
- values. Containers completed with success
- (exit code 0) are excluded from the requirement
- check. Possible values are: - In: the requirement
- is satisfied if at least one container exit
- code (might be multiple if there are multiple
- containers not restricted by the ''containerName''
- field) is in the set of specified values.
- - NotIn: the requirement is satisfied if at
- least one container exit code (might be multiple
- if there are multiple containers not restricted
- by the ''containerName'' field) is not in
- the set of specified values. Additional values
- are considered to be added in the future.
- Clients should react to an unknown operator
- by assuming the requirement is not satisfied.'
- type: string
- values:
- description: Specifies the set of values. Each
- returned container exit code (might be multiple
- in case of multiple containers) is checked
- against this set of values with respect to
- the operator. The list of values must be ordered
- and must not contain duplicates. Value '0'
- cannot be used for the In operator. At least
- one element is required. At most 255 elements
- are allowed.
- items:
- format: int32
- type: integer
- type: array
- x-kubernetes-list-type: set
- required:
- - operator
- - values
- type: object
- onPodConditions:
- description: Represents the requirement on the pod
- conditions. The requirement is represented as
- a list of pod condition patterns. The requirement
- is satisfied if at least one pattern matches an
- actual pod condition. At most 20 elements are
- allowed.
- items:
- description: PodFailurePolicyOnPodConditionsPattern
- describes a pattern for matching an actual pod
- condition type.
- properties:
- status:
- description: Specifies the required Pod condition
- status. To match a pod condition it is required
- that the specified status equals the pod
- condition status. Defaults to True.
- type: string
- type:
- description: Specifies the required Pod condition
- type. To match a pod condition it is required
- that specified type equals the pod condition
- type.
- type: string
- required:
- - status
- - type
- type: object
- type: array
- x-kubernetes-list-type: atomic
- required:
- - action
- - onPodConditions
- type: object
- type: array
- x-kubernetes-list-type: atomic
- required:
- - rules
- type: object
- selector:
- description: 'A label query over pods that should match the
- pod count. Normally, the system sets this field for you.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
- properties:
- matchExpressions:
- description: matchExpressions is a list of label selector
- requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a selector
- that contains values, a key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the label key that the selector
- applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are In, NotIn,
- Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string values.
- If the operator is In or NotIn, the values array
- must be non-empty. If the operator is Exists or
- DoesNotExist, the values array must be empty.
- This array is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value} pairs.
- A single {key,value} in the matchLabels map is equivalent
- to an element of matchExpressions, whose key field is
- "key", the operator is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- suspend:
- description: Suspend specifies whether the Job controller
- should create Pods or not. If a Job is created with suspend
- set to true, no Pods are created by the Job controller.
- If a Job is suspended after creation (i.e. the flag goes
- from false to true), the Job controller will delete all
- active Pods associated with this Job. Users must design
- their workload to gracefully handle this. Suspending a Job
- will reset the StartTime field of the Job, effectively resetting
- the ActiveDeadlineSeconds timer too. Defaults to false.
- type: boolean
- template:
- description: 'Describes the pod that will be created when
- executing a job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
- properties:
- metadata:
- description: 'Standard object''s metadata. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
- type: object
- spec:
- description: 'Specification of the desired behavior of
- the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
- properties:
- activeDeadlineSeconds:
- description: Optional duration in seconds the pod
- may be active on the node relative to StartTime
- before the system will actively try to mark it failed
- and kill associated containers. Value must be a
- positive integer.
- format: int64
- type: integer
- affinity:
- description: If specified, the pod's scheduling constraints
- properties:
- nodeAffinity:
- description: Describes node affinity scheduling
- rules for the pod.
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to
- schedule pods to nodes that satisfy the
- affinity expressions specified by this field,
- but it may choose a node that violates one
- or more of the expressions. The node that
- is most preferred is the one with the greatest
- sum of weights, i.e. for each node that
- meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum
- by iterating through the elements of this
- field and adding "weight" to the sum if
- the node matches the corresponding matchExpressions;
- the node(s) with the highest sum are the
- most preferred.
- items:
- description: An empty preferred scheduling
- term matches all objects with implicit
- weight 0 (i.e. it's a no-op). A null preferred
- scheduling term matches no objects (i.e.
- is also a no-op).
- properties:
- preference:
- description: A node selector term, associated
- with the corresponding weight.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains
- values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: Represents a
- key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator
- is In or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the values
- array must be empty. If
- the operator is Gt or Lt,
- the values array must have
- a single element, which
- will be interpreted as an
- integer. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains
- values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: Represents a
- key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator
- is In or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the values
- array must be empty. If
- the operator is Gt or Lt,
- the values array must have
- a single element, which
- will be interpreted as an
- integer. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- weight:
- description: Weight associated with
- matching the corresponding nodeSelectorTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - preference
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto
- the node. If the affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to an update),
- the system may or may not try to eventually
- evict the pod from its node.
- properties:
- nodeSelectorTerms:
- description: Required. A list of node
- selector terms. The terms are ORed.
- items:
- description: A null or empty node selector
- term matches no objects. The requirements
- of them are ANDed. The TopologySelectorTerm
- type implements a subset of the NodeSelectorTerm.
- properties:
- matchExpressions:
- description: A list of node selector
- requirements by node's labels.
- items:
- description: A node selector requirement
- is a selector that contains
- values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: Represents a
- key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator
- is In or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the values
- array must be empty. If
- the operator is Gt or Lt,
- the values array must have
- a single element, which
- will be interpreted as an
- integer. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchFields:
- description: A list of node selector
- requirements by node's fields.
- items:
- description: A node selector requirement
- is a selector that contains
- values, a key, and an operator
- that relates the key and values.
- properties:
- key:
- description: The label key
- that the selector applies
- to.
- type: string
- operator:
- description: Represents a
- key's relationship to a
- set of values. Valid operators
- are In, NotIn, Exists, DoesNotExist.
- Gt, and Lt.
- type: string
- values:
- description: An array of string
- values. If the operator
- is In or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the values
- array must be empty. If
- the operator is Gt or Lt,
- the values array must have
- a single element, which
- will be interpreted as an
- integer. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- type: object
- x-kubernetes-map-type: atomic
- type: array
- required:
- - nodeSelectorTerms
- type: object
- x-kubernetes-map-type: atomic
- type: object
- podAffinity:
- description: Describes pod affinity scheduling
- rules (e.g. co-locate this pod in the same node,
- zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to
- schedule pods to nodes that satisfy the
- affinity expressions specified by this field,
- but it may choose a node that violates one
- or more of the expressions. The node that
- is most preferred is the one with the greatest
- sum of weights, i.e. for each node that
- meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- affinity expressions, etc.), compute a sum
- by iterating through the elements of this
- field and adding "weight" to the sum if
- the node has pods which matches the corresponding
- podAffinityTerm; the node(s) with the highest
- sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: A label query over
- a set of resources, in this case
- pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a
- key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator
- represents a key's relationship
- to a set of values.
- Valid operators are
- In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is
- an array of string values.
- If the operator is In
- or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the
- values array must be
- empty. This array is
- replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is
- a map of {key,value} pairs.
- A single {key,value} in the
- matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key",
- the operator is "In", and
- the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over
- the set of namespaces that the
- term applies to. The term is applied
- to the union of the namespaces
- selected by this field and the
- ones listed in the namespaces
- field. null selector and null
- or empty namespaces list means
- "this pod's namespace". An empty
- selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a
- key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator
- represents a key's relationship
- to a set of values.
- Valid operators are
- In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is
- an array of string values.
- If the operator is In
- or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the
- values array must be
- empty. This array is
- replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is
- a map of {key,value} pairs.
- A single {key,value} in the
- matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key",
- the operator is "In", and
- the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies
- a static list of namespace names
- that the term applies to. The
- term is applied to the union of
- the namespaces listed in this
- field and the ones selected by
- namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be
- co-located (affinity) or not co-located
- (anti-affinity) with the pods
- matching the labelSelector in
- the specified namespaces, where
- co-located is defined as running
- on a node whose value of the label
- with key topologyKey matches that
- of any node on which any of the
- selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with
- matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto
- the node. If the affinity requirements specified
- by this field cease to be met at some point
- during pod execution (e.g. due to a pod
- label update), the system may or may not
- try to eventually evict the pod from its
- node. When there are multiple elements,
- the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all
- terms must be satisfied.
- items:
- description: Defines a set of pods (namely
- those matching the labelSelector relative
- to the given namespace(s)) that this pod
- should be co-located (affinity) or not
- co-located (anti-affinity) with, where
- co-located is defined as running on a
- node whose value of the label with key
- <topologyKey> matches that of any node
- on which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- podAntiAffinity:
- description: Describes pod anti-affinity scheduling
- rules (e.g. avoid putting this pod in the same
- node, zone, etc. as some other pod(s)).
- properties:
- preferredDuringSchedulingIgnoredDuringExecution:
- description: The scheduler will prefer to
- schedule pods to nodes that satisfy the
- anti-affinity expressions specified by this
- field, but it may choose a node that violates
- one or more of the expressions. The node
- that is most preferred is the one with the
- greatest sum of weights, i.e. for each node
- that meets all of the scheduling requirements
- (resource request, requiredDuringScheduling
- anti-affinity expressions, etc.), compute
- a sum by iterating through the elements
- of this field and adding "weight" to the
- sum if the node has pods which matches the
- corresponding podAffinityTerm; the node(s)
- with the highest sum are the most preferred.
- items:
- description: The weights of all of the matched
- WeightedPodAffinityTerm fields are added
- per-node to find the most preferred node(s)
- properties:
- podAffinityTerm:
- description: Required. A pod affinity
- term, associated with the corresponding
- weight.
- properties:
- labelSelector:
- description: A label query over
- a set of resources, in this case
- pods.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a
- key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator
- represents a key's relationship
- to a set of values.
- Valid operators are
- In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is
- an array of string values.
- If the operator is In
- or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the
- values array must be
- empty. This array is
- replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is
- a map of {key,value} pairs.
- A single {key,value} in the
- matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key",
- the operator is "In", and
- the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over
- the set of namespaces that the
- term applies to. The term is applied
- to the union of the namespaces
- selected by this field and the
- ones listed in the namespaces
- field. null selector and null
- or empty namespaces list means
- "this pod's namespace". An empty
- selector ({}) matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a
- key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator
- represents a key's relationship
- to a set of values.
- Valid operators are
- In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is
- an array of string values.
- If the operator is In
- or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the
- values array must be
- empty. This array is
- replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is
- a map of {key,value} pairs.
- A single {key,value} in the
- matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key",
- the operator is "In", and
- the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies
- a static list of namespace names
- that the term applies to. The
- term is applied to the union of
- the namespaces listed in this
- field and the ones selected by
- namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be
- co-located (affinity) or not co-located
- (anti-affinity) with the pods
- matching the labelSelector in
- the specified namespaces, where
- co-located is defined as running
- on a node whose value of the label
- with key topologyKey matches that
- of any node on which any of the
- selected pods is running. Empty
- topologyKey is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- weight:
- description: weight associated with
- matching the corresponding podAffinityTerm,
- in the range 1-100.
- format: int32
- type: integer
- required:
- - podAffinityTerm
- - weight
- type: object
- type: array
- requiredDuringSchedulingIgnoredDuringExecution:
- description: If the anti-affinity requirements
- specified by this field are not met at scheduling
- time, the pod will not be scheduled onto
- the node. If the anti-affinity requirements
- specified by this field cease to be met
- at some point during pod execution (e.g.
- due to a pod label update), the system may
- or may not try to eventually evict the pod
- from its node. When there are multiple elements,
- the lists of nodes corresponding to each
- podAffinityTerm are intersected, i.e. all
- terms must be satisfied.
- items:
- description: Defines a set of pods (namely
- those matching the labelSelector relative
- to the given namespace(s)) that this pod
- should be co-located (affinity) or not
- co-located (anti-affinity) with, where
- co-located is defined as running on a
- node whose value of the label with key
- <topologyKey> matches that of any node
- on which a pod of the set of pods is running
- properties:
- labelSelector:
- description: A label query over a set
- of resources, in this case pods.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaceSelector:
- description: A label query over the
- set of namespaces that the term applies
- to. The term is applied to the union
- of the namespaces selected by this
- field and the ones listed in the namespaces
- field. null selector and null or empty
- namespaces list means "this pod's
- namespace". An empty selector ({})
- matches all namespaces.
- properties:
- matchExpressions:
- description: matchExpressions is
- a list of label selector requirements.
- The requirements are ANDed.
- items:
- description: A label selector
- requirement is a selector that
- contains values, a key, and
- an operator that relates the
- key and values.
- properties:
- key:
- description: key is the label
- key that the selector applies
- to.
- type: string
- operator:
- description: operator represents
- a key's relationship to
- a set of values. Valid operators
- are In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is an
- array of string values.
- If the operator is In or
- NotIn, the values array
- must be non-empty. If the
- operator is Exists or DoesNotExist,
- the values array must be
- empty. This array is replaced
- during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map
- of {key,value} pairs. A single
- {key,value} in the matchLabels
- map is equivalent to an element
- of matchExpressions, whose key
- field is "key", the operator is
- "In", and the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- namespaces:
- description: namespaces specifies a
- static list of namespace names that
- the term applies to. The term is applied
- to the union of the namespaces listed
- in this field and the ones selected
- by namespaceSelector. null or empty
- namespaces list and null namespaceSelector
- means "this pod's namespace".
- items:
- type: string
- type: array
- topologyKey:
- description: This pod should be co-located
- (affinity) or not co-located (anti-affinity)
- with the pods matching the labelSelector
- in the specified namespaces, where
- co-located is defined as running on
- a node whose value of the label with
- key topologyKey matches that of any
- node on which any of the selected
- pods is running. Empty topologyKey
- is not allowed.
- type: string
- required:
- - topologyKey
- type: object
- type: array
- type: object
- type: object
- automountServiceAccountToken:
- description: AutomountServiceAccountToken indicates
- whether a service account token should be automatically
- mounted.
- type: boolean
- containers:
- description: List of containers belonging to the pod.
- Containers cannot currently be added or removed.
- There must be at least one container in a Pod. Cannot
- be updated.
- items:
- description: A single application container that
- you want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The
- container image''s CMD is used if this is
- not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info:
- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed
- within a shell. The container image''s ENTRYPOINT
- is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using
- the container''s environment. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to
- set in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. Double $$ are reduced to
- a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if
- value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in
- terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field
- to select in the specified API
- version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name:
- required for volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event
- when the container is starting. When a key
- exists in multiple sources, the value associated
- with the last source will take precedence.
- Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the
- source of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to
- prepend to each key in the ConfigMap.
- Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description: 'Container image name. More info:
- https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level
- config management to default or override container
- images in workload controllers like Deployments
- and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if
- :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and
- restarted according to its restart policy.
- Other management of the container blocks
- until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the
- command is root ('/') in the
- container's filesystem. The command
- is simply exec'd, it is not run
- inside a shell, so traditional
- shell instructions ('|', etc)
- won't work. To use a shell, you
- need to explicitly call out to
- that shell. Exit status of 0 is
- treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the
- pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler
- is not called if the container crashes
- or exits. The Pod''s termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination
- grace period (unless delayed by finalizers).
- Other management of the container blocks
- until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the
- command is root ('/') in the
- container's filesystem. The command
- is simply exec'd, it is not run
- inside a shell, so traditional
- shell instructions ('|', etc)
- won't work. To use a shell, you
- need to explicitly call out to
- that shell. Exit status of 0 is
- treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the
- pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified
- as a DNS_LABEL. Each container in a pod must
- have a unique name (DNS_LABEL). Cannot be
- updated.
- type: string
- ports:
- description: List of ports to expose from the
- container. Not specifying a port here DOES
- NOT prevent that port from being exposed.
- Any port which is listening on the default
- "0.0.0.0" address inside a container will
- be accessible from the network. Modifying
- this array with strategic merge patch may
- corrupt the data. For more information See
- https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose
- on the pod's IP address. This must be
- a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the
- external port to.
- type: string
- hostPort:
- description: Number of port to expose
- on the host. If specified, this must
- be a valid port number, 0 < x < 65536.
- If HostNetwork is specified, this must
- match ContainerPort. Most containers
- do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from
- service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by
- this container. Cannot be updated. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required.
- If Requests is omitted for a container,
- it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'SecurityContext defines the security
- options the container should be run with.
- If set, the fields of SecurityContext override
- the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is:
- 1) run as Privileged 2) has CAP_SYS_ADMIN
- Note that this field cannot be set when
- spec.os.name is windows.'
- type: boolean
- capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by
- the container runtime. Note that this
- field cannot be set when spec.os.name
- is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent
- POSIX capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent
- POSIX capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged
- mode. Processes in privileged containers
- are essentially equivalent to root on
- the host. Defaults to false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- procMount:
- description: procMount denotes the type
- of proc mount to use for the containers.
- The default is DefaultProcMount which
- uses the container runtime defaults for
- readonly paths and masked paths. This
- requires the ProcMountType feature flag
- to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has
- a read-only root filesystem. Default is
- false. Note that this field cannot be
- set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime
- default if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true,
- the Kubelet will validate the image at
- runtime to ensure that it does not run
- as UID 0 (root) and fail to start the
- container if it does. If unset or false,
- no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to
- user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the
- container runtime will allocate a random
- SELinux context for each container. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level
- label that applies to the container.
- type: string
- role:
- description: Role is a SELinux role
- label that applies to the container.
- type: string
- type:
- description: Type is a SELinux type
- label that applies to the container.
- type: string
- user:
- description: User is a SELinux user
- label that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use
- by this container. If seccomp options
- are provided at both the pod & container
- level, the container options override
- the pod options. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the
- node should be used. The profile must
- be preconfigured on the node to work.
- Must be a descending path, relative
- to the kubelet's configured seccomp
- profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost -
- a profile defined in a file on the
- node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName
- is the name of the GMSA credential
- spec to use.
- type: string
- hostProcess:
- description: HostProcess determines
- if a container should be run as a
- 'Host Process' container. This field
- is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a
- Pod's containers must have the same
- effective HostProcess value (it is
- not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then
- HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows
- to run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified.
- May also be set in PodSecurityContext.
- If set in both SecurityContext and
- PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the
- Pod has successfully initialized. If specified,
- no other probes are executed until this completes
- successfully. If this probe fails, the Pod
- will be restarted, just as if the livenessProbe
- failed. This can be used to provide different
- probe parameters at the beginning of a Pod''s
- lifecycle, when it might take a long time
- to load data or warm a cache, than during
- steady-state operation. This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been
- opened by a single attach. When stdin is true
- the stdin stream will remain open across multiple
- attach sessions. If stdinOnce is set to true,
- stdin is opened on container start, is empty
- until the first client attaches to stdin,
- and then remains open and accepts data until
- the client disconnects, at which time stdin
- is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never
- receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to
- be brief final status, such as an assertion
- failure message. Will be truncated by the
- node if greater than 4096 bytes. The total
- message length across all containers will
- be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the
- container status message on both success and
- failure. FallbackToLogsOnError will use the
- last chunk of container log output if the
- termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to
- be true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will
- be mapped to.
- type: string
- name:
- description: name must match the name
- of a persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container
- at which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name
- of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from
- which the container's volume should
- be mounted. Defaults to "" (volume's
- root).
- type: string
- subPathExpr:
- description: Expanded path within the
- volume from which the container's volume
- should be mounted. Behaves similarly
- to SubPath but environment variable
- references $(VAR_NAME) are expanded
- using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and
- SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory.
- If not specified, the container runtime's
- default will be used, which might be configured
- in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- dnsConfig:
- description: Specifies the DNS parameters of a pod.
- Parameters specified here will be merged to the
- generated DNS configuration based on DNSPolicy.
- properties:
- nameservers:
- description: A list of DNS name server IP addresses.
- This will be appended to the base nameservers
- generated from DNSPolicy. Duplicated nameservers
- will be removed.
- items:
- type: string
- type: array
- options:
- description: A list of DNS resolver options. This
- will be merged with the base options generated
- from DNSPolicy. Duplicated entries will be removed.
- Resolution options given in Options will override
- those that appear in the base DNSPolicy.
- items:
- description: PodDNSConfigOption defines DNS
- resolver options of a pod.
- properties:
- name:
- description: Required.
- type: string
- value:
- type: string
- type: object
- type: array
- searches:
- description: A list of DNS search domains for
- host-name lookup. This will be appended to the
- base search paths generated from DNSPolicy.
- Duplicated search paths will be removed.
- items:
- type: string
- type: array
- type: object
- dnsPolicy:
- description: Set DNS policy for the pod. Defaults
- to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet',
- 'ClusterFirst', 'Default' or 'None'. DNS parameters
- given in DNSConfig will be merged with the policy
- selected with DNSPolicy. To have DNS options set
- along with hostNetwork, you have to specify DNS
- policy explicitly to 'ClusterFirstWithHostNet'.
- type: string
- enableServiceLinks:
- description: 'EnableServiceLinks indicates whether
- information about services should be injected into
- pod''s environment variables, matching the syntax
- of Docker links. Optional: Defaults to true.'
- type: boolean
- ephemeralContainers:
- description: List of ephemeral containers run in this
- pod. Ephemeral containers may be run in an existing
- pod to perform user-initiated actions such as debugging.
- This list cannot be specified when creating a pod,
- and it cannot be modified by updating the pod spec.
- In order to add an ephemeral container to an existing
- pod, use the pod's ephemeralcontainers subresource.
- items:
- description: "An EphemeralContainer is a temporary
- container that you may add to an existing Pod
- for user-initiated activities such as debugging.
- Ephemeral containers have no resource or scheduling
- guarantees, and they will not be restarted when
- they exit or when a Pod is removed or restarted.
- The kubelet may evict a Pod if an ephemeral container
- causes the Pod to exceed its resource allocation.
- \n To add an ephemeral container, use the ephemeralcontainers
- subresource of an existing Pod. Ephemeral containers
- may not be removed or restarted."
- properties:
- args:
- description: 'Arguments to the entrypoint. The
- image''s CMD is used if this is not provided.
- Variable references $(VAR_NAME) are expanded
- using the container''s environment. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed
- within a shell. The image''s ENTRYPOINT is
- used if this is not provided. Variable references
- $(VAR_NAME) are expanded using the container''s
- environment. If a variable cannot be resolved,
- the reference in the input string will be
- unchanged. Double $$ are reduced to a single
- $, which allows for escaping the $(VAR_NAME)
- syntax: i.e. "$$(VAR_NAME)" will produce the
- string literal "$(VAR_NAME)". Escaped references
- will never be expanded, regardless of whether
- the variable exists or not. Cannot be updated.
- More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to
- set in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. Double $$ are reduced to
- a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if
- value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in
- terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field
- to select in the specified API
- version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name:
- required for volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event
- when the container is starting. When a key
- exists in multiple sources, the value associated
- with the last source will take precedence.
- Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the
- source of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to
- prepend to each key in the ConfigMap.
- Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description: 'Container image name. More info:
- https://kubernetes.io/docs/concepts/containers/images'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if
- :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Lifecycle is not allowed for ephemeral
- containers.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and
- restarted according to its restart policy.
- Other management of the container blocks
- until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the
- command is root ('/') in the
- container's filesystem. The command
- is simply exec'd, it is not run
- inside a shell, so traditional
- shell instructions ('|', etc)
- won't work. To use a shell, you
- need to explicitly call out to
- that shell. Exit status of 0 is
- treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the
- pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler
- is not called if the container crashes
- or exits. The Pod''s termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination
- grace period (unless delayed by finalizers).
- Other management of the container blocks
- until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the
- command is root ('/') in the
- container's filesystem. The command
- is simply exec'd, it is not run
- inside a shell, so traditional
- shell instructions ('|', etc)
- won't work. To use a shell, you
- need to explicitly call out to
- that shell. Exit status of 0 is
- treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the
- pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the ephemeral container
- specified as a DNS_LABEL. This name must be
- unique among all containers, init containers
- and ephemeral containers.
- type: string
- ports:
- description: Ports are not allowed for ephemeral
- containers.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose
- on the pod's IP address. This must be
- a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the
- external port to.
- type: string
- hostPort:
- description: Number of port to expose
- on the host. If specified, this must
- be a valid port number, 0 < x < 65536.
- If HostNetwork is specified, this must
- match ContainerPort. Most containers
- do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: Resources are not allowed for ephemeral
- containers. Ephemeral containers use spare
- resources already allocated to the pod.
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required.
- If Requests is omitted for a container,
- it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'Optional: SecurityContext defines
- the security options the ephemeral container
- should be run with. If set, the fields of
- SecurityContext override the equivalent fields
- of PodSecurityContext.'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is:
- 1) run as Privileged 2) has CAP_SYS_ADMIN
- Note that this field cannot be set when
- spec.os.name is windows.'
- type: boolean
- capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by
- the container runtime. Note that this
- field cannot be set when spec.os.name
- is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent
- POSIX capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent
- POSIX capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged
- mode. Processes in privileged containers
- are essentially equivalent to root on
- the host. Defaults to false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- procMount:
- description: procMount denotes the type
- of proc mount to use for the containers.
- The default is DefaultProcMount which
- uses the container runtime defaults for
- readonly paths and masked paths. This
- requires the ProcMountType feature flag
- to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has
- a read-only root filesystem. Default is
- false. Note that this field cannot be
- set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime
- default if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true,
- the Kubelet will validate the image at
- runtime to ensure that it does not run
- as UID 0 (root) and fail to start the
- container if it does. If unset or false,
- no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to
- user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the
- container runtime will allocate a random
- SELinux context for each container. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level
- label that applies to the container.
- type: string
- role:
- description: Role is a SELinux role
- label that applies to the container.
- type: string
- type:
- description: Type is a SELinux type
- label that applies to the container.
- type: string
- user:
- description: User is a SELinux user
- label that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use
- by this container. If seccomp options
- are provided at both the pod & container
- level, the container options override
- the pod options. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the
- node should be used. The profile must
- be preconfigured on the node to work.
- Must be a descending path, relative
- to the kubelet's configured seccomp
- profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost -
- a profile defined in a file on the
- node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName
- is the name of the GMSA credential
- spec to use.
- type: string
- hostProcess:
- description: HostProcess determines
- if a container should be run as a
- 'Host Process' container. This field
- is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a
- Pod's containers must have the same
- effective HostProcess value (it is
- not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then
- HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows
- to run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified.
- May also be set in PodSecurityContext.
- If set in both SecurityContext and
- PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: Probes are not allowed for ephemeral
- containers.
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been
- opened by a single attach. When stdin is true
- the stdin stream will remain open across multiple
- attach sessions. If stdinOnce is set to true,
- stdin is opened on container start, is empty
- until the first client attaches to stdin,
- and then remains open and accepts data until
- the client disconnects, at which time stdin
- is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never
- receive an EOF. Default is false
- type: boolean
- targetContainerName:
- description: "If set, the name of the container
- from PodSpec that this ephemeral container
- targets. The ephemeral container will be run
- in the namespaces (IPC, PID, etc) of this
- container. If not set then the ephemeral container
- uses the namespaces configured in the Pod
- spec. \n The container runtime must implement
- support for this feature. If the runtime does
- not support namespace targeting then the result
- of setting this field is undefined."
- type: string
- terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to
- be brief final status, such as an assertion
- failure message. Will be truncated by the
- node if greater than 4096 bytes. The total
- message length across all containers will
- be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the
- container status message on both success and
- failure. FallbackToLogsOnError will use the
- last chunk of container log output if the
- termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to
- be true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will
- be mapped to.
- type: string
- name:
- description: name must match the name
- of a persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Subpath mounts are not allowed
- for ephemeral containers. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container
- at which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name
- of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from
- which the container's volume should
- be mounted. Defaults to "" (volume's
- root).
- type: string
- subPathExpr:
- description: Expanded path within the
- volume from which the container's volume
- should be mounted. Behaves similarly
- to SubPath but environment variable
- references $(VAR_NAME) are expanded
- using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and
- SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory.
- If not specified, the container runtime's
- default will be used, which might be configured
- in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- hostAliases:
- description: HostAliases is an optional list of hosts
- and IPs that will be injected into the pod's hosts
- file if specified. This is only valid for non-hostNetwork
- pods.
- items:
- description: HostAlias holds the mapping between
- IP and hostnames that will be injected as an entry
- in the pod's hosts file.
- properties:
- hostnames:
- description: Hostnames for the above IP address.
- items:
- type: string
- type: array
- ip:
- description: IP address of the host file entry.
- type: string
- type: object
- type: array
- hostIPC:
- description: 'Use the host''s ipc namespace. Optional:
- Default to false.'
- type: boolean
- hostNetwork:
- description: Host networking requested for this pod.
- Use the host's network namespace. If this option
- is set, the ports that will be used must be specified.
- Default to false.
- type: boolean
- hostPID:
- description: 'Use the host''s pid namespace. Optional:
- Default to false.'
- type: boolean
- hostUsers:
- description: 'Use the host''s user namespace. Optional:
- Default to true. If set to true or not present,
- the pod will be run in the host user namespace,
- useful for when the pod needs a feature only available
- to the host user namespace, such as loading a kernel
- module with CAP_SYS_MODULE. When set to false, a
- new userns is created for the pod. Setting false
- is useful for mitigating container breakout vulnerabilities
- even allowing users to run their containers as root
- without actually having root privileges on the host.
- This field is alpha-level and is only honored by
- servers that enable the UserNamespacesSupport feature.'
- type: boolean
- hostname:
- description: Specifies the hostname of the Pod If
- not specified, the pod's hostname will be set to
- a system-defined value.
- type: string
- imagePullSecrets:
- description: 'ImagePullSecrets is an optional list
- of references to secrets in the same namespace to
- use for pulling any of the images used by this PodSpec.
- If specified, these secrets will be passed to individual
- puller implementations for them to use. More info:
- https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
- items:
- description: LocalObjectReference contains enough
- information to let you locate the referenced object
- inside the same namespace.
- properties:
- name:
- description: 'Name of the referent. More info:
- https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- initContainers:
- description: 'List of initialization containers belonging
- to the pod. Init containers are executed in order
- prior to containers being started. If any init container
- fails, the pod is considered to have failed and
- is handled according to its restartPolicy. The name
- for an init container or normal container must be
- unique among all containers. Init containers may
- not have Lifecycle actions, Readiness probes, Liveness
- probes, or Startup probes. The resourceRequirements
- of an init container are taken into account during
- scheduling by finding the highest request/limit
- for each resource type, and then using the max of
- of that value or the sum of the normal containers.
- Limits are applied to init containers in a similar
- fashion. Init containers cannot currently be added
- or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
- items:
- description: A single application container that
- you want to run within a pod.
- properties:
- args:
- description: 'Arguments to the entrypoint. The
- container image''s CMD is used if this is
- not provided. Variable references $(VAR_NAME)
- are expanded using the container''s environment.
- If a variable cannot be resolved, the reference
- in the input string will be unchanged. Double
- $$ are reduced to a single $, which allows
- for escaping the $(VAR_NAME) syntax: i.e.
- "$$(VAR_NAME)" will produce the string literal
- "$(VAR_NAME)". Escaped references will never
- be expanded, regardless of whether the variable
- exists or not. Cannot be updated. More info:
- https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- command:
- description: 'Entrypoint array. Not executed
- within a shell. The container image''s ENTRYPOINT
- is used if this is not provided. Variable
- references $(VAR_NAME) are expanded using
- the container''s environment. If a variable
- cannot be resolved, the reference in the input
- string will be unchanged. Double $$ are reduced
- to a single $, which allows for escaping the
- $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
- produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
- items:
- type: string
- type: array
- env:
- description: List of environment variables to
- set in the container. Cannot be updated.
- items:
- description: EnvVar represents an environment
- variable present in a Container.
- properties:
- name:
- description: Name of the environment variable.
- Must be a C_IDENTIFIER.
- type: string
- value:
- description: 'Variable references $(VAR_NAME)
- are expanded using the previously defined
- environment variables in the container
- and any service environment variables.
- If a variable cannot be resolved, the
- reference in the input string will be
- unchanged. Double $$ are reduced to
- a single $, which allows for escaping
- the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
- will produce the string literal "$(VAR_NAME)".
- Escaped references will never be expanded,
- regardless of whether the variable exists
- or not. Defaults to "".'
- type: string
- valueFrom:
- description: Source for the environment
- variable's value. Cannot be used if
- value is not empty.
- properties:
- configMapKeyRef:
- description: Selects a key of a ConfigMap.
- properties:
- key:
- description: The key to select.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- ConfigMap or its key must be
- defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- fieldRef:
- description: 'Selects a field of the
- pod: supports metadata.name, metadata.namespace,
- `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
- spec.nodeName, spec.serviceAccountName,
- status.hostIP, status.podIP, status.podIPs.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in
- terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field
- to select in the specified API
- version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- limits.ephemeral-storage, requests.cpu,
- requests.memory and requests.ephemeral-storage)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name:
- required for volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- secretKeyRef:
- description: Selects a key of a secret
- in the pod's namespace
- properties:
- key:
- description: The key of the secret
- to select from. Must be a valid
- secret key.
- type: string
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: Specify whether the
- Secret or its key must be defined
- type: boolean
- required:
- - key
- type: object
- x-kubernetes-map-type: atomic
- type: object
- required:
- - name
- type: object
- type: array
- envFrom:
- description: List of sources to populate environment
- variables in the container. The keys defined
- within a source must be a C_IDENTIFIER. All
- invalid keys will be reported as an event
- when the container is starting. When a key
- exists in multiple sources, the value associated
- with the last source will take precedence.
- Values defined by an Env with a duplicate
- key will take precedence. Cannot be updated.
- items:
- description: EnvFromSource represents the
- source of a set of ConfigMaps
- properties:
- configMapRef:
- description: The ConfigMap to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the ConfigMap
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- prefix:
- description: An optional identifier to
- prepend to each key in the ConfigMap.
- Must be a C_IDENTIFIER.
- type: string
- secretRef:
- description: The Secret to select from
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: Specify whether the Secret
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: array
- image:
- description: 'Container image name. More info:
- https://kubernetes.io/docs/concepts/containers/images
- This field is optional to allow higher level
- config management to default or override container
- images in workload controllers like Deployments
- and StatefulSets.'
- type: string
- imagePullPolicy:
- description: 'Image pull policy. One of Always,
- Never, IfNotPresent. Defaults to Always if
- :latest tag is specified, or IfNotPresent
- otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
- type: string
- lifecycle:
- description: Actions that the management system
- should take in response to container lifecycle
- events. Cannot be updated.
- properties:
- postStart:
- description: 'PostStart is called immediately
- after a container is created. If the handler
- fails, the container is terminated and
- restarted according to its restart policy.
- Other management of the container blocks
- until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the
- command is root ('/') in the
- container's filesystem. The command
- is simply exec'd, it is not run
- inside a shell, so traditional
- shell instructions ('|', etc)
- won't work. To use a shell, you
- need to explicitly call out to
- that shell. Exit status of 0 is
- treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the
- pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- preStop:
- description: 'PreStop is called immediately
- before a container is terminated due to
- an API request or management event such
- as liveness/startup probe failure, preemption,
- resource contention, etc. The handler
- is not called if the container crashes
- or exits. The Pod''s termination grace
- period countdown begins before the PreStop
- hook is executed. Regardless of the outcome
- of the handler, the container will eventually
- terminate within the Pod''s termination
- grace period (unless delayed by finalizers).
- Other management of the container blocks
- until the hook completes or until the
- termination grace period is reached. More
- info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
- properties:
- exec:
- description: Exec specifies the action
- to take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the
- command is root ('/') in the
- container's filesystem. The command
- is simply exec'd, it is not run
- inside a shell, so traditional
- shell instructions ('|', etc)
- won't work. To use a shell, you
- need to explicitly call out to
- that shell. Exit status of 0 is
- treated as live/healthy and non-zero
- is unhealthy.
- items:
- type: string
- type: array
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect
- to, defaults to the pod IP. You
- probably want to set "Host" in
- httpHeaders instead.
- type: string
- httpHeaders:
- description: Custom headers to set
- in the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in
- HTTP probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the
- HTTP server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- tcpSocket:
- description: Deprecated. TCPSocket is
- NOT supported as a LifecycleHandler
- and kept for the backward compatibility.
- There are no validation of this field
- and lifecycle hooks will fail in runtime
- when tcp handler is specified.
- properties:
- host:
- description: 'Optional: Host name
- to connect to, defaults to the
- pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the
- port to access on the container.
- Number must be in the range 1
- to 65535. Name must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- type: object
- type: object
- livenessProbe:
- description: 'Periodic probe of container liveness.
- Container will be restarted if the probe fails.
- Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- name:
- description: Name of the container specified
- as a DNS_LABEL. Each container in a pod must
- have a unique name (DNS_LABEL). Cannot be
- updated.
- type: string
- ports:
- description: List of ports to expose from the
- container. Not specifying a port here DOES
- NOT prevent that port from being exposed.
- Any port which is listening on the default
- "0.0.0.0" address inside a container will
- be accessible from the network. Modifying
- this array with strategic merge patch may
- corrupt the data. For more information See
- https://github.com/kubernetes/kubernetes/issues/108255.
- Cannot be updated.
- items:
- description: ContainerPort represents a network
- port in a single container.
- properties:
- containerPort:
- description: Number of port to expose
- on the pod's IP address. This must be
- a valid port number, 0 < x < 65536.
- format: int32
- type: integer
- hostIP:
- description: What host IP to bind the
- external port to.
- type: string
- hostPort:
- description: Number of port to expose
- on the host. If specified, this must
- be a valid port number, 0 < x < 65536.
- If HostNetwork is specified, this must
- match ContainerPort. Most containers
- do not need this.
- format: int32
- type: integer
- name:
- description: If specified, this must be
- an IANA_SVC_NAME and unique within the
- pod. Each named port in a pod must have
- a unique name. Name for the port that
- can be referred to by services.
- type: string
- protocol:
- default: TCP
- description: Protocol for port. Must be
- UDP, TCP, or SCTP. Defaults to "TCP".
- type: string
- required:
- - containerPort
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - containerPort
- - protocol
- x-kubernetes-list-type: map
- readinessProbe:
- description: 'Periodic probe of container service
- readiness. Container will be removed from
- service endpoints if the probe fails. Cannot
- be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- resources:
- description: 'Compute Resources required by
- this container. Cannot be updated. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes the maximum
- amount of compute resources allowed. More
- info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes the minimum
- amount of compute resources required.
- If Requests is omitted for a container,
- it defaults to Limits if that is explicitly
- specified, otherwise to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- securityContext:
- description: 'SecurityContext defines the security
- options the container should be run with.
- If set, the fields of SecurityContext override
- the equivalent fields of PodSecurityContext.
- More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
- properties:
- allowPrivilegeEscalation:
- description: 'AllowPrivilegeEscalation controls
- whether a process can gain more privileges
- than its parent process. This bool directly
- controls if the no_new_privs flag will
- be set on the container process. AllowPrivilegeEscalation
- is true always when the container is:
- 1) run as Privileged 2) has CAP_SYS_ADMIN
- Note that this field cannot be set when
- spec.os.name is windows.'
- type: boolean
- capabilities:
- description: The capabilities to add/drop
- when running containers. Defaults to the
- default set of capabilities granted by
- the container runtime. Note that this
- field cannot be set when spec.os.name
- is windows.
- properties:
- add:
- description: Added capabilities
- items:
- description: Capability represent
- POSIX capabilities type
- type: string
- type: array
- drop:
- description: Removed capabilities
- items:
- description: Capability represent
- POSIX capabilities type
- type: string
- type: array
- type: object
- privileged:
- description: Run container in privileged
- mode. Processes in privileged containers
- are essentially equivalent to root on
- the host. Defaults to false. Note that
- this field cannot be set when spec.os.name
- is windows.
- type: boolean
- procMount:
- description: procMount denotes the type
- of proc mount to use for the containers.
- The default is DefaultProcMount which
- uses the container runtime defaults for
- readonly paths and masked paths. This
- requires the ProcMountType feature flag
- to be enabled. Note that this field cannot
- be set when spec.os.name is windows.
- type: string
- readOnlyRootFilesystem:
- description: Whether this container has
- a read-only root filesystem. Default is
- false. Note that this field cannot be
- set when spec.os.name is windows.
- type: boolean
- runAsGroup:
- description: The GID to run the entrypoint
- of the container process. Uses runtime
- default if unset. May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container
- must run as a non-root user. If true,
- the Kubelet will validate the image at
- runtime to ensure that it does not run
- as UID 0 (root) and fail to start the
- container if it does. If unset or false,
- no such validation will be performed.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint
- of the container process. Defaults to
- user specified in image metadata if unspecified.
- May also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to the container. If unspecified, the
- container runtime will allocate a random
- SELinux context for each container. May
- also be set in PodSecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext
- takes precedence. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level
- label that applies to the container.
- type: string
- role:
- description: Role is a SELinux role
- label that applies to the container.
- type: string
- type:
- description: Type is a SELinux type
- label that applies to the container.
- type: string
- user:
- description: User is a SELinux user
- label that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use
- by this container. If seccomp options
- are provided at both the pod & container
- level, the container options override
- the pod options. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates
- a profile defined in a file on the
- node should be used. The profile must
- be preconfigured on the node to work.
- Must be a descending path, relative
- to the kubelet's configured seccomp
- profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind
- of seccomp profile will be applied.
- Valid options are: \n Localhost -
- a profile defined in a file on the
- node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- windowsOptions:
- description: The Windows specific settings
- applied to all containers. If unspecified,
- the options from the PodSecurityContext
- will be used. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence. Note
- that this field cannot be set when spec.os.name
- is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where
- the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName
- is the name of the GMSA credential
- spec to use.
- type: string
- hostProcess:
- description: HostProcess determines
- if a container should be run as a
- 'Host Process' container. This field
- is alpha-level and will only be honored
- by components that enable the WindowsHostProcessContainers
- feature flag. Setting this field without
- the feature flag will result in errors
- when validating the Pod. All of a
- Pod's containers must have the same
- effective HostProcess value (it is
- not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then
- HostNetwork must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows
- to run the entrypoint of the container
- process. Defaults to the user specified
- in image metadata if unspecified.
- May also be set in PodSecurityContext.
- If set in both SecurityContext and
- PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- startupProbe:
- description: 'StartupProbe indicates that the
- Pod has successfully initialized. If specified,
- no other probes are executed until this completes
- successfully. If this probe fails, the Pod
- will be restarted, just as if the livenessProbe
- failed. This can be used to provide different
- probe parameters at the beginning of a Pod''s
- lifecycle, when it might take a long time
- to load data or warm a cache, than during
- steady-state operation. This cannot be updated.
- More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- properties:
- exec:
- description: Exec specifies the action to
- take.
- properties:
- command:
- description: Command is the command
- line to execute inside the container,
- the working directory for the command is
- root ('/') in the container's filesystem.
- The command is simply exec'd, it is
- not run inside a shell, so traditional
- shell instructions ('|', etc) won't
- work. To use a shell, you need to
- explicitly call out to that shell.
- Exit status of 0 is treated as live/healthy
- and non-zero is unhealthy.
- items:
- type: string
- type: array
- type: object
- failureThreshold:
- description: Minimum consecutive failures
- for the probe to be considered failed
- after having succeeded. Defaults to 3.
- Minimum value is 1.
- format: int32
- type: integer
- grpc:
- description: GRPC specifies an action involving
- a GRPC port. This is a beta field and
- requires enabling GRPCContainerProbe feature
- gate.
- properties:
- port:
- description: Port number of the gRPC
- service. Number must be in the range
- 1 to 65535.
- format: int32
- type: integer
- service:
- description: "Service is the name of
- the service to place in the gRPC HealthCheckRequest
- (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
- \n If this is not specified, the default
- behavior is defined by gRPC."
- type: string
- required:
- - port
- type: object
- httpGet:
- description: HTTPGet specifies the http
- request to perform.
- properties:
- host:
- description: Host name to connect to,
- defaults to the pod IP. You probably
- want to set "Host" in httpHeaders
- instead.
- type: string
- httpHeaders:
- description: Custom headers to set in
- the request. HTTP allows repeated
- headers.
- items:
- description: HTTPHeader describes
- a custom header to be used in HTTP
- probes
- properties:
- name:
- description: The header field
- name
- type: string
- value:
- description: The header field
- value
- type: string
- required:
- - name
- - value
- type: object
- type: array
- path:
- description: Path to access on the HTTP
- server.
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Name or number of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- scheme:
- description: Scheme to use for connecting
- to the host. Defaults to HTTP.
- type: string
- required:
- - port
- type: object
- initialDelaySeconds:
- description: 'Number of seconds after the
- container has started before liveness
- probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- periodSeconds:
- description: How often (in seconds) to perform
- the probe. Default to 10 seconds. Minimum
- value is 1.
- format: int32
- type: integer
- successThreshold:
- description: Minimum consecutive successes
- for the probe to be considered successful
- after having failed. Defaults to 1. Must
- be 1 for liveness and startup. Minimum
- value is 1.
- format: int32
- type: integer
- tcpSocket:
- description: TCPSocket specifies an action
- involving a TCP port.
- properties:
- host:
- description: 'Optional: Host name to
- connect to, defaults to the pod IP.'
- type: string
- port:
- anyOf:
- - type: integer
- - type: string
- description: Number or name of the port
- to access on the container. Number
- must be in the range 1 to 65535. Name
- must be an IANA_SVC_NAME.
- x-kubernetes-int-or-string: true
- required:
- - port
- type: object
- terminationGracePeriodSeconds:
- description: Optional duration in seconds
- the pod needs to terminate gracefully
- upon probe failure. The grace period is
- the duration in seconds after the processes
- running in the pod are sent a termination
- signal and the time when the processes
- are forcibly halted with a kill signal.
- Set this value longer than the expected
- cleanup time for your process. If this
- value is nil, the pod's terminationGracePeriodSeconds
- will be used. Otherwise, this value overrides
- the value provided by the pod spec. Value
- must be non-negative integer. The value
- zero indicates stop immediately via the
- kill signal (no opportunity to shut down).
- This is a beta field and requires enabling
- ProbeTerminationGracePeriod feature gate.
- Minimum value is 1. spec.terminationGracePeriodSeconds
- is used if unset.
- format: int64
- type: integer
- timeoutSeconds:
- description: 'Number of seconds after which
- the probe times out. Defaults to 1 second.
- Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
- format: int32
- type: integer
- type: object
- stdin:
- description: Whether this container should allocate
- a buffer for stdin in the container runtime.
- If this is not set, reads from stdin in the
- container will always result in EOF. Default
- is false.
- type: boolean
- stdinOnce:
- description: Whether the container runtime should
- close the stdin channel after it has been
- opened by a single attach. When stdin is true
- the stdin stream will remain open across multiple
- attach sessions. If stdinOnce is set to true,
- stdin is opened on container start, is empty
- until the first client attaches to stdin,
- and then remains open and accepts data until
- the client disconnects, at which time stdin
- is closed and remains closed until the container
- is restarted. If this flag is false, a container
- processes that reads from stdin will never
- receive an EOF. Default is false
- type: boolean
- terminationMessagePath:
- description: 'Optional: Path at which the file
- to which the container''s termination message
- will be written is mounted into the container''s
- filesystem. Message written is intended to
- be brief final status, such as an assertion
- failure message. Will be truncated by the
- node if greater than 4096 bytes. The total
- message length across all containers will
- be limited to 12kb. Defaults to /dev/termination-log.
- Cannot be updated.'
- type: string
- terminationMessagePolicy:
- description: Indicate how the termination message
- should be populated. File will use the contents
- of terminationMessagePath to populate the
- container status message on both success and
- failure. FallbackToLogsOnError will use the
- last chunk of container log output if the
- termination message file is empty and the
- container exited with an error. The log output
- is limited to 2048 bytes or 80 lines, whichever
- is smaller. Defaults to File. Cannot be updated.
- type: string
- tty:
- description: Whether this container should allocate
- a TTY for itself, also requires 'stdin' to
- be true. Default is false.
- type: boolean
- volumeDevices:
- description: volumeDevices is the list of block
- devices to be used by the container.
- items:
- description: volumeDevice describes a mapping
- of a raw block device within a container.
- properties:
- devicePath:
- description: devicePath is the path inside
- of the container that the device will
- be mapped to.
- type: string
- name:
- description: name must match the name
- of a persistentVolumeClaim in the pod
- type: string
- required:
- - devicePath
- - name
- type: object
- type: array
- volumeMounts:
- description: Pod volumes to mount into the container's
- filesystem. Cannot be updated.
- items:
- description: VolumeMount describes a mounting
- of a Volume within a container.
- properties:
- mountPath:
- description: Path within the container
- at which the volume should be mounted. Must
- not contain ':'.
- type: string
- mountPropagation:
- description: mountPropagation determines
- how mounts are propagated from the host
- to container and the other way around.
- When not set, MountPropagationNone is
- used. This field is beta in 1.10.
- type: string
- name:
- description: This must match the Name
- of a Volume.
- type: string
- readOnly:
- description: Mounted read-only if true,
- read-write otherwise (false or unspecified).
- Defaults to false.
- type: boolean
- subPath:
- description: Path within the volume from
- which the container's volume should
- be mounted. Defaults to "" (volume's
- root).
- type: string
- subPathExpr:
- description: Expanded path within the
- volume from which the container's volume
- should be mounted. Behaves similarly
- to SubPath but environment variable
- references $(VAR_NAME) are expanded
- using the container's environment. Defaults
- to "" (volume's root). SubPathExpr and
- SubPath are mutually exclusive.
- type: string
- required:
- - mountPath
- - name
- type: object
- type: array
- workingDir:
- description: Container's working directory.
- If not specified, the container runtime's
- default will be used, which might be configured
- in the container image. Cannot be updated.
- type: string
- required:
- - name
- type: object
- type: array
- nodeName:
- description: NodeName is a request to schedule this
- pod onto a specific node. If it is non-empty, the
- scheduler simply schedules this pod onto that node,
- assuming that it fits resource requirements.
- type: string
- nodeSelector:
- additionalProperties:
- type: string
- description: 'NodeSelector is a selector which must
- be true for the pod to fit on a node. Selector which
- must match a node''s labels for the pod to be scheduled
- on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
- type: object
- x-kubernetes-map-type: atomic
- os:
- description: "Specifies the OS of the containers in
- the pod. Some pod and container fields are restricted
- if this is set. \n If the OS field is set to linux,
- the following fields must be unset: -securityContext.windowsOptions
- \n If the OS field is set to windows, following
- fields must be unset: - spec.hostPID - spec.hostIPC
- - spec.hostUsers - spec.securityContext.seLinuxOptions
- - spec.securityContext.seccompProfile - spec.securityContext.fsGroup
- - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls
- - spec.shareProcessNamespace - spec.securityContext.runAsUser
- - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups
- - spec.containers[*].securityContext.seLinuxOptions
- - spec.containers[*].securityContext.seccompProfile
- - spec.containers[*].securityContext.capabilities
- - spec.containers[*].securityContext.readOnlyRootFilesystem
- - spec.containers[*].securityContext.privileged
- - spec.containers[*].securityContext.allowPrivilegeEscalation
- - spec.containers[*].securityContext.procMount -
- spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup"
- properties:
- name:
- description: 'Name is the name of the operating
- system. The currently supported values are linux
- and windows. Additional value may be defined
- in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
- Clients should expect to handle additional values
- and treat unrecognized values in this field
- as os: null'
- type: string
- required:
- - name
- type: object
- overhead:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Overhead represents the resource overhead
- associated with running a pod for a given RuntimeClass.
- This field will be autopopulated at admission time
- by the RuntimeClass admission controller. If the
- RuntimeClass admission controller is enabled, overhead
- must not be set in Pod create requests. The RuntimeClass
- admission controller will reject Pod create requests
- which have the overhead already set. If RuntimeClass
- is configured and selected in the PodSpec, Overhead
- will be set to the value defined in the corresponding
- RuntimeClass, otherwise it will remain unset and
- treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
- type: object
- preemptionPolicy:
- description: PreemptionPolicy is the Policy for preempting
- pods with lower priority. One of Never, PreemptLowerPriority.
- Defaults to PreemptLowerPriority if unset.
- type: string
- priority:
- description: The priority value. Various system components
- use this field to find the priority of the pod.
- When Priority Admission Controller is enabled, it
- prevents users from setting this field. The admission
- controller populates this field from PriorityClassName.
- The higher the value, the higher the priority.
- format: int32
- type: integer
- priorityClassName:
- description: If specified, indicates the pod's priority.
- "system-node-critical" and "system-cluster-critical"
- are two special keywords which indicate the highest
- priorities with the former being the highest priority.
- Any other name must be defined by creating a PriorityClass
- object with that name. If not specified, the pod
- priority will be default or zero if there is no
- default.
- type: string
- readinessGates:
- description: 'If specified, all readiness gates will
- be evaluated for pod readiness. A pod is ready when
- all its containers are ready AND all conditions
- specified in the readiness gates have status equal
- to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
- items:
- description: PodReadinessGate contains the reference
- to a pod condition
- properties:
- conditionType:
- description: ConditionType refers to a condition
- in the pod's condition list with matching
- type.
- type: string
- required:
- - conditionType
- type: object
- type: array
- restartPolicy:
- description: 'Restart policy for all containers within
- the pod. One of Always, OnFailure, Never. Default
- to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
- type: string
- runtimeClassName:
- description: 'RuntimeClassName refers to a RuntimeClass
- object in the node.k8s.io group, which should be
- used to run this pod. If no RuntimeClass resource
- matches the named class, the pod will not be run.
- If unset or empty, the "legacy" RuntimeClass will
- be used, which is an implicit class with an empty
- definition that uses the default runtime handler.
- More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
- type: string
- schedulerName:
- description: If specified, the pod will be dispatched
- by specified scheduler. If not specified, the pod
- will be dispatched by default scheduler.
- type: string
- securityContext:
- description: 'SecurityContext holds pod-level security
- attributes and common container settings. Optional:
- Defaults to empty. See type description for default
- values of each field.'
- properties:
- fsGroup:
- description: "A special supplemental group that
- applies to all containers in a pod. Some volume
- types allow the Kubelet to change the ownership
- of that volume to be owned by the pod: \n 1.
- The owning GID will be the FSGroup 2. The setgid
- bit is set (new files created in the volume
- will be owned by FSGroup) 3. The permission
- bits are OR'd with rw-rw---- \n If unset, the
- Kubelet will not modify the ownership and permissions
- of any volume. Note that this field cannot be
- set when spec.os.name is windows."
- format: int64
- type: integer
- fsGroupChangePolicy:
- description: 'fsGroupChangePolicy defines behavior
- of changing ownership and permission of the
- volume before being exposed inside Pod. This
- field will only apply to volume types which
- support fsGroup based ownership(and permissions).
- It will have no effect on ephemeral volume types
- such as: secret, configmaps and emptydir. Valid
- values are "OnRootMismatch" and "Always". If
- not specified, "Always" is used. Note that this
- field cannot be set when spec.os.name is windows.'
- type: string
- runAsGroup:
- description: The GID to run the entrypoint of
- the container process. Uses runtime default
- if unset. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence for that container. Note that this
- field cannot be set when spec.os.name is windows.
- format: int64
- type: integer
- runAsNonRoot:
- description: Indicates that the container must
- run as a non-root user. If true, the Kubelet
- will validate the image at runtime to ensure
- that it does not run as UID 0 (root) and fail
- to start the container if it does. If unset
- or false, no such validation will be performed.
- May also be set in SecurityContext. If set
- in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence.
- type: boolean
- runAsUser:
- description: The UID to run the entrypoint of
- the container process. Defaults to user specified
- in image metadata if unspecified. May also be
- set in SecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence for that
- container. Note that this field cannot be set
- when spec.os.name is windows.
- format: int64
- type: integer
- seLinuxOptions:
- description: The SELinux context to be applied
- to all containers. If unspecified, the container
- runtime will allocate a random SELinux context
- for each container. May also be set in SecurityContext. If
- set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence for that container. Note that this
- field cannot be set when spec.os.name is windows.
- properties:
- level:
- description: Level is SELinux level label
- that applies to the container.
- type: string
- role:
- description: Role is a SELinux role label
- that applies to the container.
- type: string
- type:
- description: Type is a SELinux type label
- that applies to the container.
- type: string
- user:
- description: User is a SELinux user label
- that applies to the container.
- type: string
- type: object
- seccompProfile:
- description: The seccomp options to use by the
- containers in this pod. Note that this field
- cannot be set when spec.os.name is windows.
- properties:
- localhostProfile:
- description: localhostProfile indicates a
- profile defined in a file on the node should
- be used. The profile must be preconfigured
- on the node to work. Must be a descending
- path, relative to the kubelet's configured
- seccomp profile location. Must only be set
- if type is "Localhost".
- type: string
- type:
- description: "type indicates which kind of
- seccomp profile will be applied. Valid options
- are: \n Localhost - a profile defined in
- a file on the node should be used. RuntimeDefault
- - the container runtime default profile
- should be used. Unconfined - no profile
- should be applied."
- type: string
- required:
- - type
- type: object
- supplementalGroups:
- description: A list of groups applied to the first
- process run in each container, in addition to
- the container's primary GID. If unspecified,
- no groups will be added to any container. Note
- that this field cannot be set when spec.os.name
- is windows.
- items:
- format: int64
- type: integer
- type: array
- sysctls:
- description: Sysctls hold a list of namespaced
- sysctls used for the pod. Pods with unsupported
- sysctls (by the container runtime) might fail
- to launch. Note that this field cannot be set
- when spec.os.name is windows.
- items:
- description: Sysctl defines a kernel parameter
- to be set
- properties:
- name:
- description: Name of a property to set
- type: string
- value:
- description: Value of a property to set
- type: string
- required:
- - name
- - value
- type: object
- type: array
- windowsOptions:
- description: The Windows specific settings applied
- to all containers. If unspecified, the options
- within a container's SecurityContext will be
- used. If set in both SecurityContext and PodSecurityContext,
- the value specified in SecurityContext takes
- precedence. Note that this field cannot be set
- when spec.os.name is linux.
- properties:
- gmsaCredentialSpec:
- description: GMSACredentialSpec is where the
- GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
- inlines the contents of the GMSA credential
- spec named by the GMSACredentialSpecName
- field.
- type: string
- gmsaCredentialSpecName:
- description: GMSACredentialSpecName is the
- name of the GMSA credential spec to use.
- type: string
- hostProcess:
- description: HostProcess determines if a container
- should be run as a 'Host Process' container.
- This field is alpha-level and will only
- be honored by components that enable the
- WindowsHostProcessContainers feature flag.
- Setting this field without the feature flag
- will result in errors when validating the
- Pod. All of a Pod's containers must have
- the same effective HostProcess value (it
- is not allowed to have a mix of HostProcess
- containers and non-HostProcess containers). In
- addition, if HostProcess is true then HostNetwork
- must also be set to true.
- type: boolean
- runAsUserName:
- description: The UserName in Windows to run
- the entrypoint of the container process.
- Defaults to the user specified in image
- metadata if unspecified. May also be set
- in PodSecurityContext. If set in both SecurityContext
- and PodSecurityContext, the value specified
- in SecurityContext takes precedence.
- type: string
- type: object
- type: object
- serviceAccount:
- description: 'DeprecatedServiceAccount is a depreciated
- alias for ServiceAccountName. Deprecated: Use serviceAccountName
- instead.'
- type: string
- serviceAccountName:
- description: 'ServiceAccountName is the name of the
- ServiceAccount to use to run this pod. More info:
- https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
- type: string
- setHostnameAsFQDN:
- description: If true the pod's hostname will be configured
- as the pod's FQDN, rather than the leaf name (the
- default). In Linux containers, this means setting
- the FQDN in the hostname field of the kernel (the
- nodename field of struct utsname). In Windows containers,
- this means setting the registry value of hostname
- for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
- to FQDN. If a pod does not have FQDN, this has no
- effect. Default to false.
- type: boolean
- shareProcessNamespace:
- description: 'Share a single process namespace between
- all of the containers in a pod. When this is set
- containers will be able to view and signal processes
- from other containers in the same pod, and the first
- process in each container will not be assigned PID
- 1. HostPID and ShareProcessNamespace cannot both
- be set. Optional: Default to false.'
- type: boolean
- subdomain:
- description: If specified, the fully qualified Pod
- hostname will be "<hostname>.<subdomain>.<pod namespace>.svc.<cluster
- domain>". If not specified, the pod will not have
- a domainname at all.
- type: string
- terminationGracePeriodSeconds:
- description: Optional duration in seconds the pod
- needs to terminate gracefully. May be decreased
- in delete request. Value must be non-negative integer.
- The value zero indicates stop immediately via the
- kill signal (no opportunity to shut down). If this
- value is nil, the default grace period will be used
- instead. The grace period is the duration in seconds
- after the processes running in the pod are sent
- a termination signal and the time when the processes
- are forcibly halted with a kill signal. Set this
- value longer than the expected cleanup time for
- your process. Defaults to 30 seconds.
- format: int64
- type: integer
- tolerations:
- description: If specified, the pod's tolerations.
- items:
- description: The pod this Toleration is attached
- to tolerates any taint that matches the triple
- <key,value,effect> using the matching operator
- <operator>.
- properties:
- effect:
- description: Effect indicates the taint effect
- to match. Empty means match all taint effects.
- When specified, allowed values are NoSchedule,
- PreferNoSchedule and NoExecute.
- type: string
- key:
- description: Key is the taint key that the toleration
- applies to. Empty means match all taint keys.
- If the key is empty, operator must be Exists;
- this combination means to match all values
- and all keys.
- type: string
- operator:
- description: Operator represents a key's relationship
- to the value. Valid operators are Exists and
- Equal. Defaults to Equal. Exists is equivalent
- to wildcard for value, so that a pod can tolerate
- all taints of a particular category.
- type: string
- tolerationSeconds:
- description: TolerationSeconds represents the
- period of time the toleration (which must
- be of effect NoExecute, otherwise this field
- is ignored) tolerates the taint. By default,
- it is not set, which means tolerate the taint
- forever (do not evict). Zero and negative
- values will be treated as 0 (evict immediately)
- by the system.
- format: int64
- type: integer
- value:
- description: Value is the taint value the toleration
- matches to. If the operator is Exists, the
- value should be empty, otherwise just a regular
- string.
- type: string
- type: object
- type: array
- topologySpreadConstraints:
- description: TopologySpreadConstraints describes how
- a group of pods ought to spread across topology
- domains. Scheduler will schedule pods in a way which
- abides by the constraints. All topologySpreadConstraints
- are ANDed.
- items:
- description: TopologySpreadConstraint specifies
- how to spread matching pods among the given topology.
- properties:
- labelSelector:
- description: LabelSelector is used to find matching
- pods. Pods that match this label selector
- are counted to determine the number of pods
- in their corresponding topology domain.
- properties:
- matchExpressions:
- description: matchExpressions is a list
- of label selector requirements. The requirements
- are ANDed.
- items:
- description: A label selector requirement
- is a selector that contains values,
- a key, and an operator that relates
- the key and values.
- properties:
- key:
- description: key is the label key
- that the selector applies to.
- type: string
- operator:
- description: operator represents a
- key's relationship to a set of values.
- Valid operators are In, NotIn, Exists
- and DoesNotExist.
- type: string
- values:
- description: values is an array of
- string values. If the operator is
- In or NotIn, the values array must
- be non-empty. If the operator is
- Exists or DoesNotExist, the values
- array must be empty. This array
- is replaced during a strategic merge
- patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator
- is "In", and the values array contains
- only "value". The requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- matchLabelKeys:
- description: MatchLabelKeys is a set of pod
- label keys to select the pods over which spreading
- will be calculated. The keys are used to lookup
- values from the incoming pod labels, those
- key-value labels are ANDed with labelSelector
- to select the group of existing pods over
- which spreading will be calculated for the
- incoming pod. Keys that don't exist in the
- incoming pod labels will be ignored. A null
- or empty list means only match against labelSelector.
- items:
- type: string
- type: array
- x-kubernetes-list-type: atomic
- maxSkew:
- description: 'MaxSkew describes the degree to
- which pods may be unevenly distributed. When
- `whenUnsatisfiable=DoNotSchedule`, it is the
- maximum permitted difference between the number
- of matching pods in the target topology and
- the global minimum. The global minimum is
- the minimum number of matching pods in an
- eligible domain or zero if the number of eligible
- domains is less than MinDomains. For example,
- in a 3-zone cluster, MaxSkew is set to 1,
- and pods with the same labelSelector spread
- as 2/2/1: In this case, the global minimum
- is 1. | zone1 | zone2 | zone3 | | P P | P
- P | P | - if MaxSkew is 1, incoming pod
- can only be scheduled to zone3 to become 2/2/2;
- scheduling it onto zone1(zone2) would make
- the ActualSkew(3-1) on zone1(zone2) violate
- MaxSkew(1). - if MaxSkew is 2, incoming pod
- can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
- it is used to give higher precedence to topologies
- that satisfy it. It''s a required field. Default
- value is 1 and 0 is not allowed.'
- format: int32
- type: integer
- minDomains:
- description: "MinDomains indicates a minimum
- number of eligible domains. When the number
- of eligible domains with matching topology
- keys is less than minDomains, Pod Topology
- Spread treats \"global minimum\" as 0, and
- then the calculation of Skew is performed.
- And when the number of eligible domains with
- matching topology keys equals or greater than
- minDomains, this value has no effect on scheduling.
- As a result, when the number of eligible domains
- is less than minDomains, scheduler won't schedule
- more than maxSkew Pods to those domains. If
- value is nil, the constraint behaves as if
- MinDomains is equal to 1. Valid values are
- integers greater than 0. When value is not
- nil, WhenUnsatisfiable must be DoNotSchedule.
- \n For example, in a 3-zone cluster, MaxSkew
- is set to 2, MinDomains is set to 5 and pods
- with the same labelSelector spread as 2/2/2:
- | zone1 | zone2 | zone3 | | P P | P P |
- \ P P | The number of domains is less than
- 5(MinDomains), so \"global minimum\" is treated
- as 0. In this situation, new pod with the
- same labelSelector cannot be scheduled, because
- computed skew will be 3(3 - 0) if new Pod
- is scheduled to any of the three zones, it
- will violate MaxSkew. \n This is a beta field
- and requires the MinDomainsInPodTopologySpread
- feature gate to be enabled (enabled by default)."
- format: int32
- type: integer
- nodeAffinityPolicy:
- description: "NodeAffinityPolicy indicates how
- we will treat Pod's nodeAffinity/nodeSelector
- when calculating pod topology spread skew.
- Options are: - Honor: only nodes matching
- nodeAffinity/nodeSelector are included in
- the calculations. - Ignore: nodeAffinity/nodeSelector
- are ignored. All nodes are included in the
- calculations. \n If this value is nil, the
- behavior is equivalent to the Honor policy.
- This is a alpha-level feature enabled by the
- NodeInclusionPolicyInPodTopologySpread feature
- flag."
- type: string
- nodeTaintsPolicy:
- description: "NodeTaintsPolicy indicates how
- we will treat node taints when calculating
- pod topology spread skew. Options are: - Honor:
- nodes without taints, along with tainted nodes
- for which the incoming pod has a toleration,
- are included. - Ignore: node taints are ignored.
- All nodes are included. \n If this value is
- nil, the behavior is equivalent to the Ignore
- policy. This is a alpha-level feature enabled
- by the NodeInclusionPolicyInPodTopologySpread
- feature flag."
- type: string
- topologyKey:
- description: TopologyKey is the key of node
- labels. Nodes that have a label with this
- key and identical values are considered to
- be in the same topology. We consider each
- <key, value> as a "bucket", and try to put
- balanced number of pods into each bucket.
- We define a domain as a particular instance
- of a topology. Also, we define an eligible
- domain as a domain whose nodes meet the requirements
- of nodeAffinityPolicy and nodeTaintsPolicy.
- e.g. If TopologyKey is "kubernetes.io/hostname",
- each Node is a domain of that topology. And,
- if TopologyKey is "topology.kubernetes.io/zone",
- each zone is a domain of that topology. It's
- a required field.
- type: string
- whenUnsatisfiable:
- description: 'WhenUnsatisfiable indicates how
- to deal with a pod if it doesn''t satisfy
- the spread constraint. - DoNotSchedule (default)
- tells the scheduler not to schedule it. -
- ScheduleAnyway tells the scheduler to schedule
- the pod in any location, but giving higher
- precedence to topologies that would help reduce
- the skew. A constraint is considered "Unsatisfiable"
- for an incoming pod if and only if every possible
- node assignment for that pod would violate
- "MaxSkew" on some topology. For example, in
- a 3-zone cluster, MaxSkew is set to 1, and
- pods with the same labelSelector spread as
- 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
- If WhenUnsatisfiable is set to DoNotSchedule,
- incoming pod can only be scheduled to zone2(zone3)
- to become 3/2/1(3/1/2) as ActualSkew(2-1)
- on zone2(zone3) satisfies MaxSkew(1). In other
- words, the cluster can still be imbalanced,
- but scheduler won''t make it *more* imbalanced.
- It''s a required field.'
- type: string
- required:
- - maxSkew
- - topologyKey
- - whenUnsatisfiable
- type: object
- type: array
- x-kubernetes-list-map-keys:
- - topologyKey
- - whenUnsatisfiable
- x-kubernetes-list-type: map
- volumes:
- description: 'List of volumes that can be mounted
- by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
- items:
- description: Volume represents a named volume in
- a pod that may be accessed by any container in
- the pod.
- properties:
- awsElasticBlockStore:
- description: 'awsElasticBlockStore represents
- an AWS Disk resource that is attached to a
- kubelet''s host machine and then exposed to
- the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount.
- Tip: Ensure that the filesystem type is
- supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
- TODO: how do we prevent errors in the
- filesystem from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition
- in the volume that you want to mount.
- If omitted, the default is to mount by
- volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly,
- the volume partition for /dev/sda is "0"
- (or you can leave the property empty).'
- format: int32
- type: integer
- readOnly:
- description: 'readOnly value true will force
- the readOnly setting in VolumeMounts.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: boolean
- volumeID:
- description: 'volumeID is unique ID of the
- persistent disk resource in AWS (Amazon
- EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
- type: string
- required:
- - volumeID
- type: object
- azureDisk:
- description: azureDisk represents an Azure Data
- Disk mount on the host and bind mount to the
- pod.
- properties:
- cachingMode:
- description: 'cachingMode is the Host Caching
- mode: None, Read Only, Read Write.'
- type: string
- diskName:
- description: diskName is the Name of the
- data disk in the blob storage
- type: string
- diskURI:
- description: diskURI is the URI of data
- disk in the blob storage
- type: string
- fsType:
- description: fsType is Filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to
- be "ext4" if unspecified.
- type: string
- kind:
- description: 'kind expected values are Shared:
- multiple blob disks per storage account Dedicated:
- single blob disk per storage account Managed:
- azure managed data disk (only in managed
- availability set). defaults to shared'
- type: string
- readOnly:
- description: readOnly Defaults to false
- (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- required:
- - diskName
- - diskURI
- type: object
- azureFile:
- description: azureFile represents an Azure File
- Service mount on the host and bind mount to
- the pod.
- properties:
- readOnly:
- description: readOnly defaults to false
- (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretName:
- description: secretName is the name of
- secret that contains Azure Storage Account
- Name and Key
- type: string
- shareName:
- description: shareName is the azure share
- Name
- type: string
- required:
- - secretName
- - shareName
- type: object
- cephfs:
- description: cephFS represents a Ceph FS mount
- on the host that shares a pod's lifetime
- properties:
- monitors:
- description: 'monitors is Required: Monitors
- is a collection of Ceph monitors More
- info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- items:
- type: string
- type: array
- path:
- description: 'path is Optional: Used as
- the mounted root, rather than the full
- Ceph tree, default is /'
- type: string
- readOnly:
- description: 'readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: boolean
- secretFile:
- description: 'secretFile is Optional: SecretFile
- is the path to key ring for User, default
- is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- secretRef:
- description: 'secretRef is Optional: SecretRef
- is reference to the authentication secret
- for User, default is empty. More info:
- https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: 'user is optional: User is
- the rados user name, default is admin
- More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
- type: string
- required:
- - monitors
- type: object
- cinder:
- description: 'cinder represents a cinder volume
- attached and mounted on kubelets host machine.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Examples:
- "ext4", "xfs", "ntfs". Implicitly inferred
- to be "ext4" if unspecified. More info:
- https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- readOnly:
- description: 'readOnly defaults to false
- (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: boolean
- secretRef:
- description: 'secretRef is optional: points
- to a secret object containing parameters
- used to connect to OpenStack.'
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeID:
- description: 'volumeID used to identify
- the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
- type: string
- required:
- - volumeID
- type: object
- configMap:
- description: configMap represents a configMap
- that should populate this volume
- properties:
- defaultMode:
- description: 'defaultMode is optional: mode
- bits used to set permissions on created
- files by default. Must be an octal value
- between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644.
- Directories within the path are not affected
- by this setting. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can
- be other mode bits set.'
- format: int32
- type: integer
- items:
- description: items if unspecified, each
- key-value pair in the Data field of the
- referenced ConfigMap will be projected
- into the volume as a file whose name is
- the key and content is the value. If specified,
- the listed keys will be projected into
- the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the ConfigMap,
- the volume setup will error unless it
- is marked optional. Paths must be relative
- and may not contain the '..' path or start
- with '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: 'mode is Optional: mode
- bits used to set permissions on
- this file. Must be an octal value
- between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts
- both octal and decimal values, JSON
- requires decimal values for mode
- bits. If not specified, the volume
- defaultMode will be used. This might
- be in conflict with other options
- that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set.'
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the key
- to. May not be an absolute path.
- May not contain the path element
- '..'. May not start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- optional:
- description: optional specify whether the
- ConfigMap or its keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- csi:
- description: csi (Container Storage Interface)
- represents ephemeral storage that is handled
- by certain external CSI drivers (Beta feature).
- properties:
- driver:
- description: driver is the name of the CSI
- driver that handles this volume. Consult
- with your admin for the correct name as
- registered in the cluster.
- type: string
- fsType:
- description: fsType to mount. Ex. "ext4",
- "xfs", "ntfs". If not provided, the empty
- value is passed to the associated CSI
- driver which will determine the default
- filesystem to apply.
- type: string
- nodePublishSecretRef:
- description: nodePublishSecretRef is a reference
- to the secret object containing sensitive
- information to pass to the CSI driver
- to complete the CSI NodePublishVolume
- and NodeUnpublishVolume calls. This field
- is optional, and may be empty if no secret
- is required. If the secret object contains
- more than one secret, all secret references
- are passed.
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- readOnly:
- description: readOnly specifies a read-only
- configuration for the volume. Defaults
- to false (read/write).
- type: boolean
- volumeAttributes:
- additionalProperties:
- type: string
- description: volumeAttributes stores driver-specific
- properties that are passed to the CSI
- driver. Consult your driver's documentation
- for supported values.
- type: object
- required:
- - driver
- type: object
- downwardAPI:
- description: downwardAPI represents downward
- API about the pod that should populate this
- volume
- properties:
- defaultMode:
- description: 'Optional: mode bits to use
- on created files by default. Must be a
- Optional: mode bits used to set permissions
- on created files by default. Must be an
- octal value between 0000 and 0777 or a
- decimal value between 0 and 511. YAML
- accepts both octal and decimal values,
- JSON requires decimal values for mode
- bits. Defaults to 0644. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.'
- format: int32
- type: integer
- items:
- description: Items is a list of downward
- API volume file
- items:
- description: DownwardAPIVolumeFile represents
- information to create the file containing
- the pod field
- properties:
- fieldRef:
- description: 'Required: Selects a
- field of the pod: only annotations,
- labels, name and namespace are supported.'
- properties:
- apiVersion:
- description: Version of the schema
- the FieldPath is written in
- terms of, defaults to "v1".
- type: string
- fieldPath:
- description: Path of the field
- to select in the specified API
- version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: 'Optional: mode bits
- used to set permissions on this
- file, must be an octal value between
- 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts
- both octal and decimal values, JSON
- requires decimal values for mode
- bits. If not specified, the volume
- defaultMode will be used. This might
- be in conflict with other options
- that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required: Path is the
- relative path name of the file to
- be created. Must not be absolute
- or contain the ''..'' path. Must
- be utf-8 encoded. The first item
- of the relative path must not start
- with ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a resource of
- the container: only resources limits
- and requests (limits.cpu, limits.memory,
- requests.cpu and requests.memory)
- are currently supported.'
- properties:
- containerName:
- description: 'Container name:
- required for volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies the output
- format of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required: resource
- to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- emptyDir:
- description: 'emptyDir represents a temporary
- directory that shares a pod''s lifetime. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- properties:
- medium:
- description: 'medium represents what type
- of storage medium should back this directory.
- The default is "" which means to use the
- node''s default medium. Must be an empty
- string (default) or Memory. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
- type: string
- sizeLimit:
- anyOf:
- - type: integer
- - type: string
- description: 'sizeLimit is the total amount
- of local storage required for this EmptyDir
- volume. The size limit is also applicable
- for memory medium. The maximum usage on
- memory medium EmptyDir would be the minimum
- value between the SizeLimit specified
- here and the sum of memory limits of all
- containers in a pod. The default is nil
- which means that the limit is undefined.
- More info: http://kubernetes.io/docs/user-guide/volumes#emptydir'
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- type: object
- ephemeral:
- description: "ephemeral represents a volume
- that is handled by a cluster storage driver.
- The volume's lifecycle is tied to the pod
- that defines it - it will be created before
- the pod starts, and deleted when the pod is
- removed. \n Use this if: a) the volume is
- only needed while the pod runs, b) features
- of normal volumes like restoring from snapshot
- or capacity tracking are needed, c) the storage
- driver is specified through a storage class,
- and d) the storage driver supports dynamic
- volume provisioning through a PersistentVolumeClaim
- (see EphemeralVolumeSource for more information
- on the connection between this volume type
- and PersistentVolumeClaim). \n Use PersistentVolumeClaim
- or one of the vendor-specific APIs for volumes
- that persist for longer than the lifecycle
- of an individual pod. \n Use CSI for light-weight
- local ephemeral volumes if the CSI driver
- is meant to be used that way - see the documentation
- of the driver for more information. \n A pod
- can use both types of ephemeral volumes and
- persistent volumes at the same time."
- properties:
- volumeClaimTemplate:
- description: "Will be used to create a stand-alone
- PVC to provision the volume. The pod in
- which this EphemeralVolumeSource is embedded
- will be the owner of the PVC, i.e. the
- PVC will be deleted together with the
- pod. The name of the PVC will be `<pod
- name>-<volume name>` where `<volume name>`
- is the name from the `PodSpec.Volumes`
- array entry. Pod validation will reject
- the pod if the concatenated name is not
- valid for a PVC (for example, too long).
- \n An existing PVC with that name that
- is not owned by the pod will *not* be
- used for the pod to avoid using an unrelated
- volume by mistake. Starting the pod is
- then blocked until the unrelated PVC is
- removed. If such a pre-created PVC is
- meant to be used by the pod, the PVC has
- to updated with an owner reference to
- the pod once the pod exists. Normally
- this should not be necessary, but it may
- be useful when manually reconstructing
- a broken cluster. \n This field is read-only
- and no changes will be made by Kubernetes
- to the PVC after it has been created.
- \n Required, must not be nil."
- properties:
- metadata:
- description: May contain labels and
- annotations that will be copied into
- the PVC when creating it. No other
- fields are allowed and will be rejected
- during validation.
- type: object
- spec:
- description: The specification for the
- PersistentVolumeClaim. The entire
- content is copied unchanged into the
- PVC that gets created from this template.
- The same fields as in a PersistentVolumeClaim
- are also valid here.
- properties:
- accessModes:
- description: 'accessModes contains
- the desired access modes the volume
- should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
- items:
- type: string
- type: array
- dataSource:
- description: 'dataSource field can
- be used to specify either: * An
- existing VolumeSnapshot object
- (snapshot.storage.k8s.io/VolumeSnapshot)
- * An existing PVC (PersistentVolumeClaim)
- If the provisioner or an external
- controller can support the specified
- data source, it will create a
- new volume based on the contents
- of the specified data source.
- If the AnyVolumeDataSource feature
- gate is enabled, this field will
- always have the same contents
- as the DataSourceRef field.'
- properties:
- apiGroup:
- description: APIGroup is the
- group for the resource being
- referenced. If APIGroup is
- not specified, the specified
- Kind must be in the core API
- group. For any other third-party
- types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type
- of resource being referenced
- type: string
- name:
- description: Name is the name
- of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- dataSourceRef:
- description: 'dataSourceRef specifies
- the object from which to populate
- the volume with data, if a non-empty
- volume is desired. This may be
- any local object from a non-empty
- API group (non core object) or
- a PersistentVolumeClaim object.
- When this field is specified,
- volume binding will only succeed
- if the type of the specified object
- matches some installed volume
- populator or dynamic provisioner.
- This field will replace the functionality
- of the DataSource field and as
- such if both fields are non-empty,
- they must have the same value.
- For backwards compatibility, both
- fields (DataSource and DataSourceRef)
- will be set to the same value
- automatically if one of them is
- empty and the other is non-empty.
- There are two important differences
- between DataSource and DataSourceRef:
- * While DataSource only allows
- two specific types of objects,
- DataSourceRef allows any non-core
- object, as well as PersistentVolumeClaim
- objects. * While DataSource ignores
- disallowed values (dropping them),
- DataSourceRef preserves all values,
- and generates an error if a disallowed
- value is specified. (Beta) Using
- this field requires the AnyVolumeDataSource
- feature gate to be enabled.'
- properties:
- apiGroup:
- description: APIGroup is the
- group for the resource being
- referenced. If APIGroup is
- not specified, the specified
- Kind must be in the core API
- group. For any other third-party
- types, APIGroup is required.
- type: string
- kind:
- description: Kind is the type
- of resource being referenced
- type: string
- name:
- description: Name is the name
- of resource being referenced
- type: string
- required:
- - kind
- - name
- type: object
- x-kubernetes-map-type: atomic
- resources:
- description: 'resources represents
- the minimum resources the volume
- should have. If RecoverVolumeExpansionFailure
- feature is enabled users are allowed
- to specify resource requirements
- that are lower than previous value
- but must still be higher than
- capacity recorded in the status
- field of the claim. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
- properties:
- limits:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Limits describes
- the maximum amount of compute
- resources allowed. More info:
- https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- requests:
- additionalProperties:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- description: 'Requests describes
- the minimum amount of compute
- resources required. If Requests
- is omitted for a container,
- it defaults to Limits if that
- is explicitly specified, otherwise
- to an implementation-defined
- value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
- type: object
- type: object
- selector:
- description: selector is a label
- query over volumes to consider
- for binding.
- properties:
- matchExpressions:
- description: matchExpressions
- is a list of label selector
- requirements. The requirements
- are ANDed.
- items:
- description: A label selector
- requirement is a selector
- that contains values, a
- key, and an operator that
- relates the key and values.
- properties:
- key:
- description: key is the
- label key that the selector
- applies to.
- type: string
- operator:
- description: operator
- represents a key's relationship
- to a set of values.
- Valid operators are
- In, NotIn, Exists and
- DoesNotExist.
- type: string
- values:
- description: values is
- an array of string values.
- If the operator is In
- or NotIn, the values
- array must be non-empty.
- If the operator is Exists
- or DoesNotExist, the
- values array must be
- empty. This array is
- replaced during a strategic
- merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is
- a map of {key,value} pairs.
- A single {key,value} in the
- matchLabels map is equivalent
- to an element of matchExpressions,
- whose key field is "key",
- the operator is "In", and
- the values array contains
- only "value". The requirements
- are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- storageClassName:
- description: 'storageClassName is
- the name of the StorageClass required
- by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
- type: string
- volumeMode:
- description: volumeMode defines
- what type of volume is required
- by the claim. Value of Filesystem
- is implied when not included in
- claim spec.
- type: string
- volumeName:
- description: volumeName is the binding
- reference to the PersistentVolume
- backing this claim.
- type: string
- type: object
- required:
- - spec
- type: object
- type: object
- fc:
- description: fc represents a Fibre Channel resource
- that is attached to a kubelet's host machine
- and then exposed to the pod.
- properties:
- fsType:
- description: 'fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to
- be "ext4" if unspecified. TODO: how do
- we prevent errors in the filesystem from
- compromising the machine'
- type: string
- lun:
- description: 'lun is Optional: FC target
- lun number'
- format: int32
- type: integer
- readOnly:
- description: 'readOnly is Optional: Defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.'
- type: boolean
- targetWWNs:
- description: 'targetWWNs is Optional: FC
- target worldwide names (WWNs)'
- items:
- type: string
- type: array
- wwids:
- description: 'wwids Optional: FC volume
- world wide identifiers (wwids) Either
- wwids or combination of targetWWNs and
- lun must be set, but not both simultaneously.'
- items:
- type: string
- type: array
- type: object
- flexVolume:
- description: flexVolume represents a generic
- volume resource that is provisioned/attached
- using an exec based plugin.
- properties:
- driver:
- description: driver is the name of the driver
- to use for this volume.
- type: string
- fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". The default filesystem
- depends on FlexVolume script.
- type: string
- options:
- additionalProperties:
- type: string
- description: 'options is Optional: this
- field holds extra command options if any.'
- type: object
- readOnly:
- description: 'readOnly is Optional: defaults
- to false (read/write). ReadOnly here will
- force the ReadOnly setting in VolumeMounts.'
- type: boolean
- secretRef:
- description: 'secretRef is Optional: secretRef
- is reference to the secret object containing
- sensitive information to pass to the plugin
- scripts. This may be empty if no secret
- object is specified. If the secret object
- contains more than one secret, all secrets
- are passed to the plugin scripts.'
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- required:
- - driver
- type: object
- flocker:
- description: flocker represents a Flocker volume
- attached to a kubelet's host machine. This
- depends on the Flocker control service being
- running
- properties:
- datasetName:
- description: datasetName is Name of the
- dataset stored as metadata -> name on
- the dataset for Flocker should be considered
- as deprecated
- type: string
- datasetUUID:
- description: datasetUUID is the UUID of
- the dataset. This is unique identifier
- of a Flocker dataset
- type: string
- type: object
- gcePersistentDisk:
- description: 'gcePersistentDisk represents a
- GCE Disk resource that is attached to a kubelet''s
- host machine and then exposed to the pod.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- properties:
- fsType:
- description: 'fsType is filesystem type
- of the volume that you want to mount.
- Tip: Ensure that the filesystem type is
- supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
- TODO: how do we prevent errors in the
- filesystem from compromising the machine'
- type: string
- partition:
- description: 'partition is the partition
- in the volume that you want to mount.
- If omitted, the default is to mount by
- volume name. Examples: For volume /dev/sda1,
- you specify the partition as "1". Similarly,
- the volume partition for /dev/sda is "0"
- (or you can leave the property empty).
- More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- format: int32
- type: integer
- pdName:
- description: 'pdName is unique name of the
- PD resource in GCE. Used to identify the
- disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: string
- readOnly:
- description: 'readOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
- type: boolean
- required:
- - pdName
- type: object
- gitRepo:
- description: 'gitRepo represents a git repository
- at a particular revision. DEPRECATED: GitRepo
- is deprecated. To provision a container with
- a git repo, mount an EmptyDir into an InitContainer
- that clones the repo using git, then mount
- the EmptyDir into the Pod''s container.'
- properties:
- directory:
- description: directory is the target directory
- name. Must not contain or start with '..'. If
- '.' is supplied, the volume directory
- will be the git repository. Otherwise,
- if specified, the volume will contain
- the git repository in the subdirectory
- with the given name.
- type: string
- repository:
- description: repository is the URL
- type: string
- revision:
- description: revision is the commit hash
- for the specified revision.
- type: string
- required:
- - repository
- type: object
- glusterfs:
- description: 'glusterfs represents a Glusterfs
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md'
- properties:
- endpoints:
- description: 'endpoints is the endpoint
- name that details Glusterfs topology.
- More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- path:
- description: 'path is the Glusterfs volume
- path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: string
- readOnly:
- description: 'readOnly here will force the
- Glusterfs volume to be mounted with read-only
- permissions. Defaults to false. More info:
- https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
- type: boolean
- required:
- - endpoints
- - path
- type: object
- hostPath:
- description: 'hostPath represents a pre-existing
- file or directory on the host machine that
- is directly exposed to the container. This
- is generally used for system agents or other
- privileged things that are allowed to see
- the host machine. Most containers will NOT
- need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
- --- TODO(jonesdl) We need to restrict who
- can use host directory mounts and who can/can
- not mount host directories as read/write.'
- properties:
- path:
- description: 'path of the directory on the
- host. If the path is a symlink, it will
- follow the link to the real path. More
- info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- type:
- description: 'type for HostPath Volume Defaults
- to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
- type: string
- required:
- - path
- type: object
- iscsi:
- description: 'iscsi represents an ISCSI Disk
- resource that is attached to a kubelet''s
- host machine and then exposed to the pod.
- More info: https://examples.k8s.io/volumes/iscsi/README.md'
- properties:
- chapAuthDiscovery:
- description: chapAuthDiscovery defines whether
- support iSCSI Discovery CHAP authentication
- type: boolean
- chapAuthSession:
- description: chapAuthSession defines whether
- support iSCSI Session CHAP authentication
- type: boolean
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount.
- Tip: Ensure that the filesystem type is
- supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
- TODO: how do we prevent errors in the
- filesystem from compromising the machine'
- type: string
- initiatorName:
- description: initiatorName is the custom
- iSCSI Initiator Name. If initiatorName
- is specified with iscsiInterface simultaneously,
- new iSCSI interface <target portal>:<volume
- name> will be created for the connection.
- type: string
- iqn:
- description: iqn is the target iSCSI Qualified
- Name.
- type: string
- iscsiInterface:
- description: iscsiInterface is the interface
- Name that uses an iSCSI transport. Defaults
- to 'default' (tcp).
- type: string
- lun:
- description: lun represents iSCSI Target
- Lun number.
- format: int32
- type: integer
- portals:
- description: portals is the iSCSI Target
- Portal List. The portal is either an IP
- or ip_addr:port if the port is other than
- default (typically TCP ports 860 and 3260).
- items:
- type: string
- type: array
- readOnly:
- description: readOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false.
- type: boolean
- secretRef:
- description: secretRef is the CHAP Secret
- for iSCSI target and initiator authentication
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- targetPortal:
- description: targetPortal is iSCSI Target
- Portal. The Portal is either an IP or
- ip_addr:port if the port is other than
- default (typically TCP ports 860 and 3260).
- type: string
- required:
- - iqn
- - lun
- - targetPortal
- type: object
- name:
- description: 'name of the volume. Must be a
- DNS_LABEL and unique within the pod. More
- info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- nfs:
- description: 'nfs represents an NFS mount on
- the host that shares a pod''s lifetime More
- info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- properties:
- path:
- description: 'path that is exported by the
- NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- readOnly:
- description: 'readOnly here will force the
- NFS export to be mounted with read-only
- permissions. Defaults to false. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: boolean
- server:
- description: 'server is the hostname or
- IP address of the NFS server. More info:
- https://kubernetes.io/docs/concepts/storage/volumes#nfs'
- type: string
- required:
- - path
- - server
- type: object
- persistentVolumeClaim:
- description: 'persistentVolumeClaimVolumeSource
- represents a reference to a PersistentVolumeClaim
- in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- properties:
- claimName:
- description: 'claimName is the name of a
- PersistentVolumeClaim in the same namespace
- as the pod using this volume. More info:
- https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
- type: string
- readOnly:
- description: readOnly Will force the ReadOnly
- setting in VolumeMounts. Default false.
- type: boolean
- required:
- - claimName
- type: object
- photonPersistentDisk:
- description: photonPersistentDisk represents
- a PhotonController persistent disk attached
- and mounted on kubelets host machine
- properties:
- fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to
- be "ext4" if unspecified.
- type: string
- pdID:
- description: pdID is the ID that identifies
- Photon Controller persistent disk
- type: string
- required:
- - pdID
- type: object
- portworxVolume:
- description: portworxVolume represents a portworx
- volume attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: fSType represents the filesystem
- type to mount Must be a filesystem type
- supported by the host operating system.
- Ex. "ext4", "xfs". Implicitly inferred
- to be "ext4" if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false
- (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- volumeID:
- description: volumeID uniquely identifies
- a Portworx volume
- type: string
- required:
- - volumeID
- type: object
- projected:
- description: projected items for all in one
- resources secrets, configmaps, and downward
- API
- properties:
- defaultMode:
- description: defaultMode are the mode bits
- used to set permissions on created files
- by default. Must be an octal value between
- 0000 and 0777 or a decimal value between
- 0 and 511. YAML accepts both octal and
- decimal values, JSON requires decimal
- values for mode bits. Directories within
- the path are not affected by this setting.
- This might be in conflict with other options
- that affect the file mode, like fsGroup,
- and the result can be other mode bits
- set.
- format: int32
- type: integer
- sources:
- description: sources is the list of volume
- projections
- items:
- description: Projection that may be projected
- along with other supported volume types
- properties:
- configMap:
- description: configMap information
- about the configMap data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced ConfigMap
- will be projected into the volume
- as a file whose name is the
- key and content is the value.
- If specified, the listed keys
- will be projected into the specified
- paths, and unlisted keys will
- not be present. If a key is
- specified which is not present
- in the ConfigMap, the volume
- setup will error unless it is
- marked optional. Paths must
- be relative and may not contain
- the '..' path or start with
- '..'.
- items:
- description: Maps a string key
- to a path within a volume.
- properties:
- key:
- description: key is the
- key to project.
- type: string
- mode:
- description: 'mode is Optional:
- mode bits used to set
- permissions on this file.
- Must be an octal value
- between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts
- both octal and decimal
- values, JSON requires
- decimal values for mode
- bits. If not specified,
- the volume defaultMode
- will be used. This might
- be in conflict with other
- options that affect the
- file mode, like fsGroup,
- and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: path is the
- relative path of the file
- to map the key to. May
- not be an absolute path.
- May not contain the path
- element '..'. May not
- start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: optional specify
- whether the ConfigMap or its
- keys must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- downwardAPI:
- description: downwardAPI information
- about the downwardAPI data to project
- properties:
- items:
- description: Items is a list of
- DownwardAPIVolume file
- items:
- description: DownwardAPIVolumeFile
- represents information to
- create the file containing
- the pod field
- properties:
- fieldRef:
- description: 'Required:
- Selects a field of the
- pod: only annotations,
- labels, name and namespace
- are supported.'
- properties:
- apiVersion:
- description: Version
- of the schema the
- FieldPath is written
- in terms of, defaults
- to "v1".
- type: string
- fieldPath:
- description: Path of
- the field to select
- in the specified API
- version.
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- mode:
- description: 'Optional:
- mode bits used to set
- permissions on this file,
- must be an octal value
- between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts
- both octal and decimal
- values, JSON requires
- decimal values for mode
- bits. If not specified,
- the volume defaultMode
- will be used. This might
- be in conflict with other
- options that affect the
- file mode, like fsGroup,
- and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: 'Required:
- Path is the relative
- path name of the file
- to be created. Must not
- be absolute or contain
- the ''..'' path. Must
- be utf-8 encoded. The
- first item of the relative
- path must not start with
- ''..'''
- type: string
- resourceFieldRef:
- description: 'Selects a
- resource of the container:
- only resources limits
- and requests (limits.cpu,
- limits.memory, requests.cpu
- and requests.memory) are
- currently supported.'
- properties:
- containerName:
- description: 'Container
- name: required for
- volumes, optional
- for env vars'
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- description: Specifies
- the output format
- of the exposed resources,
- defaults to "1"
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- description: 'Required:
- resource to select'
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
- required:
- - path
- type: object
- type: array
- type: object
- secret:
- description: secret information about
- the secret data to project
- properties:
- items:
- description: items if unspecified,
- each key-value pair in the Data
- field of the referenced Secret
- will be projected into the volume
- as a file whose name is the
- key and content is the value.
- If specified, the listed keys
- will be projected into the specified
- paths, and unlisted keys will
- not be present. If a key is
- specified which is not present
- in the Secret, the volume setup
- will error unless it is marked
- optional. Paths must be relative
- and may not contain the '..'
- path or start with '..'.
- items:
- description: Maps a string key
- to a path within a volume.
- properties:
- key:
- description: key is the
- key to project.
- type: string
- mode:
- description: 'mode is Optional:
- mode bits used to set
- permissions on this file.
- Must be an octal value
- between 0000 and 0777
- or a decimal value between
- 0 and 511. YAML accepts
- both octal and decimal
- values, JSON requires
- decimal values for mode
- bits. If not specified,
- the volume defaultMode
- will be used. This might
- be in conflict with other
- options that affect the
- file mode, like fsGroup,
- and the result can be
- other mode bits set.'
- format: int32
- type: integer
- path:
- description: path is the
- relative path of the file
- to map the key to. May
- not be an absolute path.
- May not contain the path
- element '..'. May not
- start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields.
- apiVersion, kind, uid?'
- type: string
- optional:
- description: optional field specify
- whether the Secret or its key
- must be defined
- type: boolean
- type: object
- x-kubernetes-map-type: atomic
- serviceAccountToken:
- description: serviceAccountToken is
- information about the serviceAccountToken
- data to project
- properties:
- audience:
- description: audience is the intended
- audience of the token. A recipient
- of a token must identify itself
- with an identifier specified
- in the audience of the token,
- and otherwise should reject
- the token. The audience defaults
- to the identifier of the apiserver.
- type: string
- expirationSeconds:
- description: expirationSeconds
- is the requested duration of
- validity of the service account
- token. As the token approaches
- expiration, the kubelet volume
- plugin will proactively rotate
- the service account token. The
- kubelet will start trying to
- rotate the token if the token
- is older than 80 percent of
- its time to live or if the token
- is older than 24 hours.Defaults
- to 1 hour and must be at least
- 10 minutes.
- format: int64
- type: integer
- path:
- description: path is the path
- relative to the mount point
- of the file to project the token
- into.
- type: string
- required:
- - path
- type: object
- type: object
- type: array
- type: object
- quobyte:
- description: quobyte represents a Quobyte mount
- on the host that shares a pod's lifetime
- properties:
- group:
- description: group to map volume access
- to Default is no group
- type: string
- readOnly:
- description: readOnly here will force the
- Quobyte volume to be mounted with read-only
- permissions. Defaults to false.
- type: boolean
- registry:
- description: registry represents a single
- or multiple Quobyte Registry services
- specified as a string as host:port pair
- (multiple entries are separated with commas)
- which acts as the central registry for
- volumes
- type: string
- tenant:
- description: tenant owning the given Quobyte
- volume in the Backend Used with dynamically
- provisioned Quobyte volumes, value is
- set by the plugin
- type: string
- user:
- description: user to map volume access to
- Defaults to serivceaccount user
- type: string
- volume:
- description: volume is a string that references
- an already created Quobyte volume by name.
- type: string
- required:
- - registry
- - volume
- type: object
- rbd:
- description: 'rbd represents a Rados Block Device
- mount on the host that shares a pod''s lifetime.
- More info: https://examples.k8s.io/volumes/rbd/README.md'
- properties:
- fsType:
- description: 'fsType is the filesystem type
- of the volume that you want to mount.
- Tip: Ensure that the filesystem type is
- supported by the host operating system.
- Examples: "ext4", "xfs", "ntfs". Implicitly
- inferred to be "ext4" if unspecified.
- More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
- TODO: how do we prevent errors in the
- filesystem from compromising the machine'
- type: string
- image:
- description: 'image is the rados image name.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- keyring:
- description: 'keyring is the path to key
- ring for RBDUser. Default is /etc/ceph/keyring.
- More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- monitors:
- description: 'monitors is a collection of
- Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- items:
- type: string
- type: array
- pool:
- description: 'pool is the rados pool name.
- Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- readOnly:
- description: 'readOnly here will force the
- ReadOnly setting in VolumeMounts. Defaults
- to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: boolean
- secretRef:
- description: 'secretRef is name of the authentication
- secret for RBDUser. If provided overrides
- keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- user:
- description: 'user is the rados user name.
- Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
- type: string
- required:
- - image
- - monitors
- type: object
- scaleIO:
- description: scaleIO represents a ScaleIO persistent
- volume attached and mounted on Kubernetes
- nodes.
- properties:
- fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Default is "xfs".
- type: string
- gateway:
- description: gateway is the host address
- of the ScaleIO API Gateway.
- type: string
- protectionDomain:
- description: protectionDomain is the name
- of the ScaleIO Protection Domain for the
- configured storage.
- type: string
- readOnly:
- description: readOnly Defaults to false
- (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef references to the
- secret for ScaleIO user and other sensitive
- information. If this is not provided,
- Login operation will fail.
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- sslEnabled:
- description: sslEnabled Flag enable/disable
- SSL communication with Gateway, default
- false
- type: boolean
- storageMode:
- description: storageMode indicates whether
- the storage for a volume should be ThickProvisioned
- or ThinProvisioned. Default is ThinProvisioned.
- type: string
- storagePool:
- description: storagePool is the ScaleIO
- Storage Pool associated with the protection
- domain.
- type: string
- system:
- description: system is the name of the storage
- system as configured in ScaleIO.
- type: string
- volumeName:
- description: volumeName is the name of a
- volume already created in the ScaleIO
- system that is associated with this volume
- source.
- type: string
- required:
- - gateway
- - secretRef
- - system
- type: object
- secret:
- description: 'secret represents a secret that
- should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- properties:
- defaultMode:
- description: 'defaultMode is Optional: mode
- bits used to set permissions on created
- files by default. Must be an octal value
- between 0000 and 0777 or a decimal value
- between 0 and 511. YAML accepts both octal
- and decimal values, JSON requires decimal
- values for mode bits. Defaults to 0644.
- Directories within the path are not affected
- by this setting. This might be in conflict
- with other options that affect the file
- mode, like fsGroup, and the result can
- be other mode bits set.'
- format: int32
- type: integer
- items:
- description: items If unspecified, each
- key-value pair in the Data field of the
- referenced Secret will be projected into
- the volume as a file whose name is the
- key and content is the value. If specified,
- the listed keys will be projected into
- the specified paths, and unlisted keys
- will not be present. If a key is specified
- which is not present in the Secret, the
- volume setup will error unless it is marked
- optional. Paths must be relative and may
- not contain the '..' path or start with
- '..'.
- items:
- description: Maps a string key to a path
- within a volume.
- properties:
- key:
- description: key is the key to project.
- type: string
- mode:
- description: 'mode is Optional: mode
- bits used to set permissions on
- this file. Must be an octal value
- between 0000 and 0777 or a decimal
- value between 0 and 511. YAML accepts
- both octal and decimal values, JSON
- requires decimal values for mode
- bits. If not specified, the volume
- defaultMode will be used. This might
- be in conflict with other options
- that affect the file mode, like
- fsGroup, and the result can be other
- mode bits set.'
- format: int32
- type: integer
- path:
- description: path is the relative
- path of the file to map the key
- to. May not be an absolute path.
- May not contain the path element
- '..'. May not start with the string
- '..'.
- type: string
- required:
- - key
- - path
- type: object
- type: array
- optional:
- description: optional field specify whether
- the Secret or its keys must be defined
- type: boolean
- secretName:
- description: 'secretName is the name of
- the secret in the pod''s namespace to
- use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
- type: string
- type: object
- storageos:
- description: storageOS represents a StorageOS
- volume attached and mounted on Kubernetes
- nodes.
- properties:
- fsType:
- description: fsType is the filesystem type
- to mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to
- be "ext4" if unspecified.
- type: string
- readOnly:
- description: readOnly defaults to false
- (read/write). ReadOnly here will force
- the ReadOnly setting in VolumeMounts.
- type: boolean
- secretRef:
- description: secretRef specifies the secret
- to use for obtaining the StorageOS API
- credentials. If not specified, default
- values will be attempted.
- properties:
- name:
- description: 'Name of the referent.
- More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
- TODO: Add other useful fields. apiVersion,
- kind, uid?'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- volumeName:
- description: volumeName is the human-readable
- name of the StorageOS volume. Volume
- names are only unique within a namespace.
- type: string
- volumeNamespace:
- description: volumeNamespace specifies the
- scope of the volume within StorageOS. If
- no namespace is specified then the Pod's
- namespace will be used. This allows the
- Kubernetes name scoping to be mirrored
- within StorageOS for tighter integration.
- Set VolumeName to any name to override
- the default behaviour. Set to "default"
- if you are not using namespaces within
- StorageOS. Namespaces that do not pre-exist
- within StorageOS will be created.
- type: string
- type: object
- vsphereVolume:
- description: vsphereVolume represents a vSphere
- volume attached and mounted on kubelets host
- machine
- properties:
- fsType:
- description: fsType is filesystem type to
- mount. Must be a filesystem type supported
- by the host operating system. Ex. "ext4",
- "xfs", "ntfs". Implicitly inferred to
- be "ext4" if unspecified.
- type: string
- storagePolicyID:
- description: storagePolicyID is the storage
- Policy Based Management (SPBM) profile
- ID associated with the StoragePolicyName.
- type: string
- storagePolicyName:
- description: storagePolicyName is the storage
- Policy Based Management (SPBM) profile
- name.
- type: string
- volumePath:
- description: volumePath is the path that
- identifies vSphere volume vmdk
- type: string
- required:
- - volumePath
- type: object
- required:
- - name
- type: object
- type: array
- required:
- - containers
- type: object
- type: object
- ttlSecondsAfterFinished:
- description: ttlSecondsAfterFinished limits the lifetime of
- a Job that has finished execution (either Complete or Failed).
- If this field is set, ttlSecondsAfterFinished after the
- Job finishes, it is eligible to be automatically deleted.
- When the Job is being deleted, its lifecycle guarantees
- (e.g. finalizers) will be honored. If this field is unset,
- the Job won't be automatically deleted. If this field is
- set to zero, the Job becomes eligible to be deleted immediately
- after it finishes.
- format: int32
- type: integer
- required:
- - template
- type: object
- type: object
- schedule:
- description: The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
- minLength: 0
- type: string
- startingDeadlineSeconds:
- description: Optional deadline in seconds for starting the job if
- it misses scheduled time for any reason. Missed jobs executions
- will be counted as failed ones.
- format: int64
- minimum: 0
- type: integer
- successfulJobsHistoryLimit:
- description: The number of successful finished jobs to retain. This
- is a pointer to distinguish between explicit zero and not specified.
- format: int32
- minimum: 0
- type: integer
- suspend:
- description: This flag tells the controller to suspend subsequent
- executions, it does not apply to already started executions. Defaults
- to false.
- type: boolean
- required:
- - jobTemplate
- - schedule
- type: object
- status:
- description: CronJobStatus defines the observed state of CronJob
- properties:
- active:
- description: A list of pointers to currently running jobs.
- items:
- description: "ObjectReference contains enough information to let
- you inspect or modify the referred object. --- New uses of this
- type are discouraged because of difficulty describing its usage
- when embedded in APIs. 1. Ignored fields. It includes many fields
- which are not generally honored. For instance, ResourceVersion
- and FieldPath are both very rarely valid in actual usage. 2. Invalid
- usage help. It is impossible to add specific help for individual
- usage. In most embedded usages, there are particular restrictions
- like, \"must refer only to types A and B\" or \"UID not honored\"
- or \"name must be restricted\". Those cannot be well described
- when embedded. 3. Inconsistent validation. Because the usages
- are different, the validation rules are different by usage, which
- makes it hard for users to predict what will happen. 4. The fields
- are both imprecise and overly precise. Kind is not a precise
- mapping to a URL. This can produce ambiguity during interpretation
- and require a REST mapping. In most cases, the dependency is
- on the group,resource tuple and the version of the actual struct
- is irrelevant. 5. We cannot easily change it. Because this type
- is embedded in many locations, updates to this type will affect
- numerous schemas. Don't make new APIs embed an underspecified
- API type they do not control. \n Instead of using this type, create
- a locally provided and used type that is well-focused on your
- reference. For example, ServiceReferences for admission registration:
- https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
- ."
- properties:
- apiVersion:
- description: API version of the referent.
- type: string
- fieldPath:
- description: 'If referring to a piece of an object instead of
- an entire object, this string should contain a valid JSON/Go
- field access statement, such as desiredState.manifest.containers[2].
- For example, if the object reference is to a container within
- a pod, this would take on a value like: "spec.containers{name}"
- (where "name" refers to the name of the container that triggered
- the event) or if no container name is specified "spec.containers[2]"
- (container with index 2 in this pod). This syntax is chosen
- only to have some well-defined way of referencing a part of
- an object. TODO: this design is not final and this field is
- subject to change in the future.'
- type: string
- kind:
- description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- name:
- description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
- type: string
- namespace:
- description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
- type: string
- resourceVersion:
- description: 'Specific resourceVersion to which this reference
- is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
- type: string
- uid:
- description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
- type: string
- type: object
- x-kubernetes-map-type: atomic
- type: array
- lastScheduleTime:
- description: Information when was the last time the job was successfully
- scheduled.
- format: date-time
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
|
