diff --git a/PROJECT b/PROJECT
index 7cc5fa25f003..6abde0cbbc49 100644
--- a/PROJECT
+++ b/PROJECT
@@ -224,4 +224,13 @@ resources:
defaulting: true
validation: true
webhookVersion: v1
+- api:
+ crdVersion: v1
+ namespaced: true
+ controller: true
+ domain: kubeblocks.io
+ group: apps
+ kind: OpsDefinition
+ path: github.com/apecloud/kubeblocks/apis/apps/v1alpha1
+ version: v1alpha1
version: "3"
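Review bot: The new resource entry declares `namespaced: true`, but the type this commit adds in apis/apps/v1alpha1/opsdefinition_types.go is marked `scope=Cluster` and `+genclient:nonNamespaced`. Kubebuilder reads PROJECT when scaffolding, so a later regeneration may produce namespaced RBAC or samples that disagree with the cluster-scoped CRD. Dropping the `namespaced: true` line (or setting it to `false`) would keep the two in agreement.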
diff --git a/apis/apps/v1alpha1/componentdefinition_types.go b/apis/apps/v1alpha1/componentdefinition_types.go
index 1ba466121749..b665938a88e6 100644
--- a/apis/apps/v1alpha1/componentdefinition_types.go
+++ b/apis/apps/v1alpha1/componentdefinition_types.go
@@ -268,6 +268,12 @@ type SystemAccount struct {
// SecretRef specifies the secret from which data will be copied to create the new account.
// Cannot be updated.
+ // And will replace the built-in objects in the secret:
+ // - `$(RANDOM_PASSWD)` - random 8 characters.
+ // - `$(UUID)` - generate a random UUID v4 string.
+ // - `$(UUID_B64)` - generate a random UUID v4 BASE64 encoded string.
+ // - `$(UUID_STR_B64)` - generate a random UUID v4 string then BASE64 encoded.
+ // - `$(UUID_HEX)` - generate a random UUID v4 HEX representation.
// +optional
SecretRef *ProvisionSecretRef `json:"secretRef,omitempty"`
}
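Review bot: The comment documents `$(RANDOM_PASSWD)` as "random 8 characters", which is short for a value that becomes a system account credential, and it states neither the character set nor whether the generator is cryptographically secure. A reader choosing a placeholder cannot tell from this text that the UUID v4 variants carry considerably more randomness than eight characters. I would document the alphabet and randomness source on that line, e.g. `// - $(RANDOM_PASSWD) - 8 random characters from <charset>, generated with <rng>`. I would also reword "And will replace the built-in objects in the secret" to "The following placeholders in the secret data are replaced:". The generator itself is outside this hunk, so the strength concern needs confirming against it; the difference between `$(UUID_B64)` and `$(UUID_STR_B64)` also deserves one clarifying clause.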
diff --git a/apis/apps/v1alpha1/opsdefinition_types.go b/apis/apps/v1alpha1/opsdefinition_types.go
new file mode 100644
index 000000000000..c0b3418a8a72
--- /dev/null
+++ b/apis/apps/v1alpha1/opsdefinition_types.go
@@ -0,0 +1,175 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+This file is part of KubeBlocks project
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+
+package v1alpha1
+
+import (
+ batchv1 "k8s.io/api/batch/v1"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// OpsDefinitionSpec defines the desired state of OpsDefinition
+type OpsDefinitionSpec struct {
+ // triggerPhaseChange indicates whether the operation will trigger a state change of the component.
+ // if true, will be queued for execution.
+ // +optional
+ TriggerPhaseChange bool `json:"triggerPhaseChange,omitempty"`
+
+ // componentDefinitionRefs indicates which types of componentDefinitions are supported by the operation.
+ // +kubebuilder:validation:Required
+ // +kubebuilder:validation:MinItems=1
+ // +patchMergeKey=serviceKind
+ // +patchStrategy=merge,retainKeys
+ // +listType=map
+ // +listMapKey=serviceKind
+ ComponentDefinitionRefs []ComponentDefinitionRef `json:"componentDefinitionRefs" patchStrategy:"merge,retainKeys" patchMergeKey:"serviceKind"`
+
+ // parametersSchema describes the schema used for validation, pruning, and defaulting.
+ // +optional
+ ParametersSchema *ParametersSchema `json:"parametersSchema,omitempty"`
+
+ // jobSpec describes the job spec for the operation.
+ // +kubebuilder:validation:Required
+ JobSpec batchv1.JobSpec `json:"jobSpec"`
+
+ // pre-check if it meets the requirements to run the job for the operation.
+ // +optional
+ PreChecks []PreCheck `json:"preChecks,omitempty"`
+}
+
+type ComponentDefinitionRef struct {
+
+ // ServiceKind defines what kind of well-known service that the component provides (e.g., MySQL, Redis, ETCD, case insensitive).
+ // reference componentDefinition.spec.
+ // +kubebuilder:validation:MaxLength=32
+ // +kubebuilder:validation:Required
+ ServiceKind string `json:"serviceKind"`
+
+ // the data of the specified connection credential will be injected into env of the job.
+ // if not set, use the first connection credential by default.
+ // +optional
+ ConnectionCredentialName string `json:"connectionCredentialName"`
+
+ // map the name and ports to KB_COMP_SVC_NAME and KB_COMP_SVC_PORT_ in env of the job.
+ // +optional
+ ServiceName string `json:"serviceName,omitempty"`
+}
+
+type ParametersSchema struct {
+ // openAPIV3SchemaProperties is the OpenAPI v3 schema to use for parameter schema.
+ // +kubebuilder:validation:Schemaless
+ // +kubebuilder:validation:Type=object
+ // +kubebuilder:pruning:PreserveUnknownFields
+ // +k8s:conversion-gen=false
+ // +optional
+ OpenAPIV3Schema *apiextensions.JSONSchemaProps `json:"openAPIV3Schema,omitempty"`
+}
+
+// PreCheck
+// +kubebuilder:validation:XValidation:rule="has(self.expression) || has(self.exec)", message="at least one exists for expression and exec."
+type PreCheck struct {
+
+ // expression declares how the operation can be executed.
+ Expression *Expression `json:"expression,omitempty"`
+
+ // a job will be run to execute pre-check.
+ // +optional
+ Exec *PreCheckExec `json:"exec,omitempty"`
+}
+
+type Expression struct {
+ // validation rule declares how the operation can be executed using go template expression.
+ // it should return "true" or "false", built-in objects:
+ // - "params" are input parameters.
+ // - "cluster" is referenced cluster object.
+ // - "component" is referenced the component Object.
+ // +kubebuilder:validation:Required
+ Rule string `json:"rule"`
+
+ // report the message if the rule is not matched.
+ // +kubebuilder:validation:Required
+ Message string `json:"message"`
+}
+
+type PreCheckExec struct {
+ // image name.
+ // +kubebuilder:validation:Required
+ Image string `json:"image"`
+
+ // container env.
+ // +optional
+ Env []corev1.EnvVar `json:"env,omitempty"`
+
+ // container commands.
+ // +optional
+ Command []string `json:"command,omitempty"`
+
+ // container args.
+ // +optional
+ Args []string `json:"args,omitempty"`
+}
+
+// OpsDefinitionStatus defines the observed state of OpsDefinition
+type OpsDefinitionStatus struct {
+ // ObservedGeneration is the most recent generation observed for this OpsDefinition.
+ // +optional
+ ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+ // Phase valid values are ``, `Available`, 'Unavailable`.
+ // Available is OpsDefinition become available, and can be used for co-related objects.
+ // +optional
+ Phase Phase `json:"phase,omitempty"`
+
+ // Extra message for current phase.
+ // +optional
+ Message string `json:"message,omitempty"`
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:openapi-gen=true
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:categories={kubeblocks,all},scope=Cluster,shortName=od
+// +kubebuilder:printcolumn:name="STATUS",type="string",JSONPath=".status.phase",description="Operation status phase."
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+
+// OpsDefinition is the Schema for the opsdefinitions API
+type OpsDefinition struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec OpsDefinitionSpec `json:"spec,omitempty"`
+ Status OpsDefinitionStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// OpsDefinitionList contains a list of OpsDefinition
+type OpsDefinitionList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []OpsDefinition `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&OpsDefinition{}, &OpsDefinitionList{})
+}
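Review bot: `ParametersSchema.OpenAPIV3Schema` is typed as `apiextensions.JSONSchemaProps` from the unversioned `k8s.io/apiextensions-apiserver/pkg/apis/apiextensions` package. That is the API server's internal representation and, as far as I know, carries no JSON struct tags, so a schema written in the CR would not decode into it by its usual lower-case keys. The versioned type is the one meant for embedding in API structs: import `apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"` and declare `OpenAPIV3Schema *apiextensionsv1.JSONSchemaProps`. In `ComponentDefinitionRef`, `ConnectionCredentialName` is marked `+optional` but its tag is `json:"connectionCredentialName"` without `omitempty`. Because the resource is cluster-scoped and `jobSpec` accepts a whole `batchv1.JobSpec`, the comments on `jobSpec` and `PreCheckExec` should also say in which namespace and under which service account those pods run.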
diff --git a/apis/apps/v1alpha1/opsrequest_types.go b/apis/apps/v1alpha1/opsrequest_types.go
index 3b3fce3a488e..7b69f410a8b1 100644
--- a/apis/apps/v1alpha1/opsrequest_types.go
+++ b/apis/apps/v1alpha1/opsrequest_types.go
@@ -27,7 +27,7 @@ import (
// OpsRequestSpec defines the desired state of OpsRequest
// +kubebuilder:validation:XValidation:rule="has(self.cancel) && self.cancel ? (self.type in ['VerticalScaling', 'HorizontalScaling']) : true",message="forbidden to cancel the opsRequest which type not in ['VerticalScaling','HorizontalScaling']"
type OpsRequestSpec struct {
- // clusterRef references clusterDefinition.
+ // clusterRef references cluster object.
// +kubebuilder:validation:Required
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="forbidden to update spec.clusterRef"
ClusterRef string `json:"clusterRef"`
@@ -139,6 +139,8 @@ type OpsRequestSpec struct {
// restoreSpec defines how to restore the cluster.
// +optional
RestoreSpec *RestoreSpec `json:"restoreSpec,omitempty"`
+
+ CustomSpec *CustomOpsSpec `json:"customSpec,omitempty"`
}
// ComponentOps defines the common variables of component scope operations.
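Review bot: `CustomSpec` is added without a doc comment or a `+optional` marker, unlike `RestoreSpec` directly above it, so the generated CRD will carry no description for the field. Nothing visible in this hunk ties the field to the new `Custom` ops type; if other type-specific fields are enforced by validation rules elsewhere, a rule requiring `customSpec` when `type` is `Custom` belongs with them. Suggested lines above the field: `// customSpec defines the parameters of a custom operation declared by an OpsDefinition; used when type is Custom.` and `// +optional`. The `OpsRequestSpec` body starts outside this hunk.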
@@ -266,6 +268,20 @@ type ConfigurationItem struct {
Keys []ParameterConfig `json:"keys" patchStrategy:"merge,retainKeys" patchMergeKey:"key"`
}
+type CustomOpsSpec struct {
+ // +kubebuilder:validation:Required
+ // cluster component name.
+ ComponentName string `json:"componentName"`
+
+ // +kubebuilder:validation:Required
+ // reference a opsDefinition
+ OpsDefinitionRef string `json:"opsDefinitionRef"`
+
+ // the input for this operation declared in the opsDefinition.spec.parametersSchema.
+ // +optional
+ Params map[string]string `json:"params,omitempty"`
+}
+
type ParameterPair struct {
// key is name of the parameter to be updated.
// +kubebuilder:validation:Required
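Review bot: `Params` is an unbounded `map[string]string` whose only described validation is `opsDefinition.spec.parametersSchema`, and that schema is `+optional` in the OpsDefinition type this commit adds. A definition without a schema would therefore appear to accept arbitrary keys and values from anyone allowed to create an OpsRequest. These values are presumably handed to the Job the definition describes, so I would bound them at the API level, e.g. `// +kubebuilder:validation:MaxProperties=<limit>` on `Params`, and document what the controller does when no schema is declared. `ComponentName` and `OpsDefinitionRef` also lack the `self == oldSelf` immutability rule that `clusterRef` carries in this file. Their `+kubebuilder:validation:Required` markers sit above the description rather than below it as on `clusterRef`.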
diff --git a/apis/apps/v1alpha1/type.go b/apis/apps/v1alpha1/type.go
index 48737ac274ac..15fa3bdb263d 100644
--- a/apis/apps/v1alpha1/type.go
+++ b/apis/apps/v1alpha1/type.go
@@ -217,7 +217,7 @@ const (
// OpsType defines operation types.
// +enum
-// +kubebuilder:validation:Enum={Upgrade,VerticalScaling,VolumeExpansion,HorizontalScaling,Restart,Reconfiguring,Start,Stop,Expose,Switchover,DataScript,Backup,Restore}
+// +kubebuilder:validation:Enum={Upgrade,VerticalScaling,VolumeExpansion,HorizontalScaling,Restart,Reconfiguring,Start,Stop,Expose,Switchover,DataScript,Backup,Restore,Custom}
type OpsType string
const (
@@ -234,6 +234,7 @@ const (
DataScriptType OpsType = "DataScript" // DataScriptType the data script operation will execute the data script against the cluster.
BackupType OpsType = "Backup"
RestoreType OpsType = "Restore"
+ CustomType OpsType = "Custom" // use opsDefinition
)
// ComponentResourceKey defines the resource key of component, such as pod/pvc.
diff --git a/apis/apps/v1alpha1/zz_generated.deepcopy.go b/apis/apps/v1alpha1/zz_generated.deepcopy.go
index f5c90ea60890..f655c333f44e 100644
--- a/apis/apps/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/apps/v1alpha1/zz_generated.deepcopy.go
@@ -1608,6 +1608,21 @@ func (in *ComponentDefinitionList) DeepCopyObject() runtime.Object {
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ComponentDefinitionRef) DeepCopyInto(out *ComponentDefinitionRef) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComponentDefinitionRef.
+func (in *ComponentDefinitionRef) DeepCopy() *ComponentDefinitionRef {
+ if in == nil {
+ return nil
+ }
+ out := new(ComponentDefinitionRef)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ComponentDefinitionSpec) DeepCopyInto(out *ComponentDefinitionSpec) {
*out = *in
@@ -2827,6 +2842,28 @@ func (in *CustomLabelSpec) DeepCopy() *CustomLabelSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CustomOpsSpec) DeepCopyInto(out *CustomOpsSpec) {
+ *out = *in
+ if in.Params != nil {
+ in, out := &in.Params, &out.Params
+ *out = make(map[string]string, len(*in))
+ for key, val := range *in {
+ (*out)[key] = val
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomOpsSpec.
+func (in *CustomOpsSpec) DeepCopy() *CustomOpsSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(CustomOpsSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CustomParametersValidation) DeepCopyInto(out *CustomParametersValidation) {
*out = *in
@@ -2953,6 +2990,21 @@ func (in *Expose) DeepCopy() *Expose {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Expression) DeepCopyInto(out *Expression) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Expression.
+func (in *Expression) DeepCopy() *Expression {
+ if in == nil {
+ return nil
+ }
+ out := new(Expression)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *FormatterConfig) DeepCopyInto(out *FormatterConfig) {
*out = *in
@@ -3281,6 +3333,113 @@ func (in *MonitorConfig) DeepCopy() *MonitorConfig {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OpsDefinition) DeepCopyInto(out *OpsDefinition) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ in.Spec.DeepCopyInto(&out.Spec)
+ out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpsDefinition.
+func (in *OpsDefinition) DeepCopy() *OpsDefinition {
+ if in == nil {
+ return nil
+ }
+ out := new(OpsDefinition)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OpsDefinition) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OpsDefinitionList) DeepCopyInto(out *OpsDefinitionList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]OpsDefinition, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpsDefinitionList.
+func (in *OpsDefinitionList) DeepCopy() *OpsDefinitionList {
+ if in == nil {
+ return nil
+ }
+ out := new(OpsDefinitionList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *OpsDefinitionList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OpsDefinitionSpec) DeepCopyInto(out *OpsDefinitionSpec) {
+ *out = *in
+ if in.ComponentDefinitionRefs != nil {
+ in, out := &in.ComponentDefinitionRefs, &out.ComponentDefinitionRefs
+ *out = make([]ComponentDefinitionRef, len(*in))
+ copy(*out, *in)
+ }
+ if in.ParametersSchema != nil {
+ in, out := &in.ParametersSchema, &out.ParametersSchema
+ *out = new(ParametersSchema)
+ (*in).DeepCopyInto(*out)
+ }
+ in.JobSpec.DeepCopyInto(&out.JobSpec)
+ if in.PreChecks != nil {
+ in, out := &in.PreChecks, &out.PreChecks
+ *out = make([]PreCheck, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpsDefinitionSpec.
+func (in *OpsDefinitionSpec) DeepCopy() *OpsDefinitionSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(OpsDefinitionSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OpsDefinitionStatus) DeepCopyInto(out *OpsDefinitionStatus) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpsDefinitionStatus.
+func (in *OpsDefinitionStatus) DeepCopy() *OpsDefinitionStatus {
+ if in == nil {
+ return nil
+ }
+ out := new(OpsDefinitionStatus)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OpsRecorder) DeepCopyInto(out *OpsRecorder) {
*out = *in
@@ -3472,6 +3631,11 @@ func (in *OpsRequestSpec) DeepCopyInto(out *OpsRequestSpec) {
*out = new(RestoreSpec)
**out = **in
}
+ if in.CustomSpec != nil {
+ in, out := &in.CustomSpec, &out.CustomSpec
+ *out = new(CustomOpsSpec)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpsRequestSpec.
@@ -3580,6 +3744,25 @@ func (in *ParameterPair) DeepCopy() *ParameterPair {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ParametersSchema) DeepCopyInto(out *ParametersSchema) {
+ *out = *in
+ if in.OpenAPIV3Schema != nil {
+ in, out := &in.OpenAPIV3Schema, &out.OpenAPIV3Schema
+ *out = (*in).DeepCopy()
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersSchema.
+func (in *ParametersSchema) DeepCopy() *ParametersSchema {
+ if in == nil {
+ return nil
+ }
+ out := new(ParametersSchema)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *PasswordConfig) DeepCopyInto(out *PasswordConfig) {
*out = *in
@@ -3646,6 +3829,63 @@ func (in *PointInTimeRefSpec) DeepCopy() *PointInTimeRefSpec {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PreCheck) DeepCopyInto(out *PreCheck) {
+ *out = *in
+ if in.Expression != nil {
+ in, out := &in.Expression, &out.Expression
+ *out = new(Expression)
+ **out = **in
+ }
+ if in.Exec != nil {
+ in, out := &in.Exec, &out.Exec
+ *out = new(PreCheckExec)
+ (*in).DeepCopyInto(*out)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreCheck.
+func (in *PreCheck) DeepCopy() *PreCheck {
+ if in == nil {
+ return nil
+ }
+ out := new(PreCheck)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PreCheckExec) DeepCopyInto(out *PreCheckExec) {
+ *out = *in
+ if in.Env != nil {
+ in, out := &in.Env, &out.Env
+ *out = make([]v1.EnvVar, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+ if in.Command != nil {
+ in, out := &in.Command, &out.Command
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+ if in.Args != nil {
+ in, out := &in.Args, &out.Args
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreCheckExec.
+func (in *PreCheckExec) DeepCopy() *PreCheckExec {
+ if in == nil {
+ return nil
+ }
+ out := new(PreCheckExec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ProgressStatusDetail) DeepCopyInto(out *ProgressStatusDetail) {
*out = *in
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
index 42dd8f77600a..3d6cdea4b940 100644
--- a/cmd/manager/main.go
+++ b/cmd/manager/main.go
@@ -326,6 +326,15 @@ func main() {
os.Exit(1)
}
+ if err = (&appscontrollers.OpsDefinitionReconciler{
+ Client: mgr.GetClient(),
+ Scheme: mgr.GetScheme(),
+ Recorder: mgr.GetEventRecorderFor("ops-definition-controller"),
+ }).SetupWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "OpsDefinition")
+ os.Exit(1)
+ }
+
if err = (&appscontrollers.OpsRequestReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
diff --git a/config/crd/bases/apps.kubeblocks.io_componentdefinitions.yaml b/config/crd/bases/apps.kubeblocks.io_componentdefinitions.yaml
index 1431ba7dbb5b..8a8e19eae9ee 100644
--- a/config/crd/bases/apps.kubeblocks.io_componentdefinitions.yaml
+++ b/config/crd/bases/apps.kubeblocks.io_componentdefinitions.yaml
@@ -11653,8 +11653,14 @@ spec:
type: integer
type: object
secretRef:
- description: SecretRef specifies the secret from which data
+ description: 'SecretRef specifies the secret from which data
will be copied to create the new account. Cannot be updated.
+ And will replace the built-in objects in the secret: - `$(RANDOM_PASSWD)`
+ - random 8 characters. - `$(UUID)` - generate a random UUID
+ v4 string. - `$(UUID_B64)` - generate a random UUID v4 BASE64
+ encoded string. - `$(UUID_STR_B64)` - generate a random UUID
+ v4 string then BASE64 encoded. - `$(UUID_HEX)` - generate
+ a random UUID v4 HEX representation.'
properties:
name:
description: name refers to the name of the secret.
diff --git a/config/crd/bases/apps.kubeblocks.io_opsdefinitions.yaml b/config/crd/bases/apps.kubeblocks.io_opsdefinitions.yaml
new file mode 100644
index 000000000000..0a4a1fcb96f1
--- /dev/null
+++ b/config/crd/bases/apps.kubeblocks.io_opsdefinitions.yaml
@@ -0,0 +1,8507 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.1
+ labels:
+ app.kubernetes.io/name: kubeblocks
+ name: opsdefinitions.apps.kubeblocks.io
+spec:
+ group: apps.kubeblocks.io
+ names:
+ categories:
+ - kubeblocks
+ - all
+ kind: OpsDefinition
+ listKind: OpsDefinitionList
+ plural: opsdefinitions
+ shortNames:
+ - od
+ singular: opsdefinition
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Operation status phase.
+ jsonPath: .status.phase
+ name: STATUS
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OpsDefinition is the Schema for the opsdefinitions API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpsDefinitionSpec defines the desired state of OpsDefinition
+ properties:
+ componentDefinitionRefs:
+ description: componentDefinitionRefs indicates which types of componentDefinitions
+ are supported by the operation.
+ items:
+ properties:
+ connectionCredentialName:
+ description: the data of the specified connection credential
+ will be injected into env of the job. if not set, use the
+ first connection credential by default.
+ type: string
+ serviceKind:
+ description: ServiceKind defines what kind of well-known service
+ that the component provides (e.g., MySQL, Redis, ETCD, case
+ insensitive). reference componentDefinition.spec.
+ maxLength: 32
+ type: string
+ serviceName:
+ description: map the name and ports to KB_COMP_SVC_NAME and
+ KB_COMP_SVC_PORT_ in env of the job.
+ type: string
+ required:
+ - serviceKind
+ type: object
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - serviceKind
+ x-kubernetes-list-type: map
+ jobSpec:
+ description: jobSpec describes the job spec for the operation.
+ properties:
+ activeDeadlineSeconds:
+ description: Specifies the duration in seconds relative to the
+ startTime that the job may be continuously active before the
+ system tries to terminate it; value must be positive integer.
+ If a Job is suspended (at creation or through an update), this
+ timer will effectively be stopped and reset when the Job is
+ resumed again.
+ format: int64
+ type: integer
+ backoffLimit:
+ description: Specifies the number of retries before marking this
+ job failed. Defaults to 6
+ format: int32
+ type: integer
+ backoffLimitPerIndex:
+ description: Specifies the limit for the number of retries within
+ an index before marking this index as failed. When enabled the
+ number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count
+ annotation. It can only be set when Job's completionMode=Indexed,
+ and the Pod's restart policy is Never. The field is immutable.
+ This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (disabled by default).
+ format: int32
+ type: integer
+ completionMode:
+ description: "completionMode specifies how Pod completions are
+ tracked. It can be `NonIndexed` (default) or `Indexed`. \n `NonIndexed`
+ means that the Job is considered complete when there have been
+ .spec.completions successfully completed Pods. Each Pod completion
+ is homologous to each other. \n `Indexed` means that the Pods
+ of a Job get an associated completion index from 0 to (.spec.completions
+ - 1), available in the annotation batch.kubernetes.io/job-completion-index.
+ The Job is considered complete when there is one successfully
+ completed Pod for each index. When value is `Indexed`, .spec.completions
+ must be specified and `.spec.parallelism` must be less than
+ or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`,
+ the Pod hostname takes the form `$(job-name)-$(index)`. \n More
+ completion modes can be added in the future. If the Job controller
+ observes a mode that it doesn't recognize, which is possible
+ during upgrades due to version skew, the controller skips updates
+ for the Job."
+ type: string
+ completions:
+ description: 'Specifies the desired number of successfully finished
+ pods the job should be run with. Setting to null means that
+ the success of any pod signals the success of all pods, and
+ allows parallelism to have any positive value. Setting to 1
+ means that parallelism is limited to 1 and the success of that
+ pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ format: int32
+ type: integer
+ manualSelector:
+ description: 'manualSelector controls generation of pod labels
+ and pod selectors. Leave `manualSelector` unset unless you are
+ certain what you are doing. When false or unset, the system
+ pick labels unique to this job and appends those labels to the
+ pod template. When true, the user is responsible for picking
+ unique labels and specifying the selector. Failure to pick
+ a unique label may cause this and other jobs to not function
+ correctly. However, You may see `manualSelector=true` in jobs
+ that were created with the old `extensions/v1beta1` API. More
+ info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector'
+ type: boolean
+ maxFailedIndexes:
+ description: Specifies the maximal number of failed indexes before
+ marking the Job as failed, when backoffLimitPerIndex is set.
+ Once the number of failed indexes exceeds this number the entire
+ Job is marked as Failed and its execution is terminated. When
+ left as null the job continues execution of all of its indexes
+ and is marked with the `Complete` Job condition. It can only
+ be specified when backoffLimitPerIndex is set. It can be null
+ or up to completions. It is required and must be less than or
+ equal to 10^4 when is completions greater than 10^5. This field
+ is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (disabled by default).
+ format: int32
+ type: integer
+ parallelism:
+ description: 'Specifies the maximum desired number of pods the
+ job should run at any given time. The actual number of pods
+ running in steady state will be less than this number when ((.spec.completions
+ - .status.successful) < .spec.parallelism), i.e. when the work
+ left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ format: int32
+ type: integer
+ podFailurePolicy:
+ description: "Specifies the policy of handling failed pods. In
+ particular, it allows to specify the set of actions and conditions
+ which need to be satisfied to take the associated action. If
+ empty, the default behaviour applies - the counter of failed
+ pods, represented by the jobs's .status.failed field, is incremented
+ and it is checked against the backoffLimit. This field cannot
+ be used in combination with restartPolicy=OnFailure. \n This
+ field is beta-level. It can be used when the `JobPodFailurePolicy`
+ feature gate is enabled (enabled by default)."
+ properties:
+ rules:
+ description: A list of pod failure policy rules. The rules
+ are evaluated in order. Once a rule matches a Pod failure,
+ the remaining of the rules are ignored. When no rule matches
+ the Pod failure, the default handling applies - the counter
+ of pod failures is incremented and it is checked against
+ the backoffLimit. At most 20 elements are allowed.
+ items:
+ description: PodFailurePolicyRule describes how a pod failure
+ is handled when the requirements are met. One of onExitCodes
+ and onPodConditions, but not both, can be used in each
+ rule.
+ properties:
+ action:
+ description: "Specifies the action taken on a pod failure
+ when the requirements are satisfied. Possible values
+ are: \n - FailJob: indicates that the pod's job is
+ marked as Failed and all running pods are terminated.
+ - FailIndex: indicates that the pod's index is marked
+ as Failed and will not be restarted. This value is
+ alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (disabled by default). - Ignore:
+ indicates that the counter towards the .backoffLimit
+ is not incremented and a replacement pod is created.
+ - Count: indicates that the pod is handled in the
+ default way - the counter towards the .backoffLimit
+ is incremented. Additional values are considered to
+ be added in the future. Clients should react to an
+ unknown action by skipping the rule."
+ type: string
+ onExitCodes:
+ description: Represents the requirement on the container
+ exit codes.
+ properties:
+ containerName:
+ description: Restricts the check for exit codes
+ to the container with the specified name. When
+ null, the rule applies to all containers. When
+ specified, it should match one the container or
+ initContainer names in the pod template.
+ type: string
+ operator:
+ description: "Represents the relationship between
+ the container exit code(s) and the specified values.
+ Containers completed with success (exit code 0)
+ are excluded from the requirement check. Possible
+ values are: \n - In: the requirement is satisfied
+ if at least one container exit code (might be
+ multiple if there are multiple containers not
+ restricted by the 'containerName' field) is in
+ the set of specified values. - NotIn: the requirement
+ is satisfied if at least one container exit code
+ (might be multiple if there are multiple containers
+ not restricted by the 'containerName' field) is
+ not in the set of specified values. Additional
+ values are considered to be added in the future.
+ Clients should react to an unknown operator by
+ assuming the requirement is not satisfied."
+ type: string
+ values:
+ description: Specifies the set of values. Each returned
+ container exit code (might be multiple in case
+ of multiple containers) is checked against this
+ set of values with respect to the operator. The
+ list of values must be ordered and must not contain
+ duplicates. Value '0' cannot be used for the In
+ operator. At least one element is required. At
+ most 255 elements are allowed.
+ items:
+ format: int32
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - operator
+ - values
+ type: object
+ onPodConditions:
+ description: Represents the requirement on the pod conditions.
+ The requirement is represented as a list of pod condition
+ patterns. The requirement is satisfied if at least
+ one pattern matches an actual pod condition. At most
+ 20 elements are allowed.
+ items:
+ description: PodFailurePolicyOnPodConditionsPattern
+ describes a pattern for matching an actual pod condition
+ type.
+ properties:
+ status:
+ description: Specifies the required Pod condition
+ status. To match a pod condition it is required
+ that the specified status equals the pod condition
+ status. Defaults to True.
+ type: string
+ type:
+ description: Specifies the required Pod condition
+ type. To match a pod condition it is required
+ that specified type equals the pod condition
+ type.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - action
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - rules
+ type: object
+ podReplacementPolicy:
+ description: "podReplacementPolicy specifies when to create replacement
+ Pods. Possible values are: - TerminatingOrFailed means that
+ we recreate pods when they are terminating (has a metadata.deletionTimestamp)
+ or failed. - Failed means to wait until a previously created
+ Pod is fully terminated (has phase Failed or Succeeded) before
+ creating a replacement Pod. \n When using podFailurePolicy,
+ Failed is the the only allowed value. TerminatingOrFailed and
+ Failed are allowed values when podFailurePolicy is not in use.
+ This is an alpha field. Enable JobPodReplacementPolicy to be
+ able to use this field."
+ type: string
+ selector:
+ description: 'A label query over pods that should match the pod
+ count. Normally, the system sets this field for you. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A
+ single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is "key",
+ the operator is "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ suspend:
+ description: suspend specifies whether the Job controller should
+ create Pods or not. If a Job is created with suspend set to
+ true, no Pods are created by the Job controller. If a Job is
+ suspended after creation (i.e. the flag goes from false to true),
+ the Job controller will delete all active Pods associated with
+ this Job. Users must design their workload to gracefully handle
+ this. Suspending a Job will reset the StartTime field of the
+ Job, effectively resetting the ActiveDeadlineSeconds timer too.
+ Defaults to false.
+ type: boolean
+ template:
+ description: 'Describes the pod that will be created when executing
+ a job. The only allowed template.spec.restartPolicy values are
+ "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the
+ pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ activeDeadlineSeconds:
+ description: Optional duration in seconds the pod may
+ be active on the node relative to StartTime before the
+ system will actively try to mark it failed and kill
+ associated containers. Value must be a positive integer.
+ format: int64
+ type: integer
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a
+ node that violates one or more of the expressions.
+ The node that is most preferred is the one with
+ the greatest sum of weights, i.e. for each node
+ that meets all of the scheduling requirements
+ (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by
+ iterating through the elements of this field
+ and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s)
+ with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling
+ term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in
+ the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time,
+ the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this
+ field cease to be met at some point during pod
+ execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod
+ from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector
+ term matches no objects. The requirements
+ of them are ANDed. The TopologySelectorTerm
+ type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a
+ node that violates one or more of the expressions.
+ The node that is most preferred is the one with
+ the greatest sum of weights, i.e. for each node
+ that meets all of the scheduling requirements
+ (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by
+ iterating through the elements of this field
+ and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most
+ preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set
+ of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where
+ co-located is defined as running on
+ a node whose value of the label with
+ key topologyKey matches that of any
+ node on which any of the selected
+ pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in
+ the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time,
+ the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this
+ field cease to be met at some point during pod
+ execution (e.g. due to a pod label update),
+ the system may or may not try to eventually
+ evict the pod from its node. When there are
+ multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the
+ given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity)
+ with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on
+ which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity
+ expressions specified by this field, but it
+ may choose a node that violates one or more
+ of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a
+ sum by iterating through the elements of this
+ field and adding "weight" to the sum if the
+ node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest
+ sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set
+ of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where
+ co-located is defined as running on
+ a node whose value of the label with
+ key topologyKey matches that of any
+ node on which any of the selected
+ pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in
+ the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements
+ specified by this field are not met at scheduling
+ time, the pod will not be scheduled onto the
+ node. If the anti-affinity requirements specified
+ by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label
+ update), the system may or may not try to eventually
+ evict the pod from its node. When there are
+ multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the
+ given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity)
+ with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on
+ which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether
+ a service account token should be automatically mounted.
+ type: boolean
+ containers:
+ description: List of containers belonging to the pod.
+ Containers cannot currently be added or removed. There
+ must be at least one container in a Pod. Cannot be updated.
+ items:
+ description: A single application container that you
+ want to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using
+ the container''s environment. If a variable cannot
+ be resolved, the reference in the input string
+ will be unchanged. Double $$ are reduced to a
+ single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is
+ used if this is not provided. Variable references
+ $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container and
+ any service environment variables. If a
+ variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container
+ is starting. When a key exists in multiple sources,
+ the value associated with the last source will
+ take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be
+ updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a
+ C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if :latest
+ tag is specified, or IfNotPresent otherwise. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system
+ should take in response to container lifecycle
+ events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and restarted
+ according to its restart policy. Other management
+ of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to an
+ API request or management event such as liveness/startup
+ probe failure, preemption, resource contention,
+ etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination grace
+ period (unless delayed by finalizers). Other
+ management of the container blocks until the
+ hook completes or until the termination grace
+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as
+ a DNS_LABEL. Each container in a pod must have
+ a unique name (DNS_LABEL). Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that
+ port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container
+ will be accessible from the network. Modifying
+ this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the
+ pod's IP address. This must be a valid port
+ number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the
+ host. If specified, this must be a valid
+ port number, 0 < x < 65536. If HostNetwork
+ is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an
+ IANA_SVC_NAME and unique within the pod.
+ Each named port in a pod must have a unique
+ name. Name for the port that can be referred
+ to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP,
+ TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service
+ readiness. Container will be removed from service
+ endpoints if the probe fails. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which
+ this resource resize policy applies. Supported
+ values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when
+ specified resource is resized. If not specified,
+ it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: 'Compute Resources required by this
+ container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ restartPolicy:
+ description: 'RestartPolicy defines the restart
+ behavior of individual containers in a pod. This
+ field may only be set for init containers, and
+ the only allowed value is "Always". For non-init
+ containers or when this field is not specified,
+ the restart behavior is defined by the Pod''s
+ restart policy and the container type. Setting
+ the RestartPolicy as "Always" for the init container
+ will have the following effect: this init container
+ will be continually restarted on exit until all
+ regular containers have terminated. Once all regular
+ containers have completed, all init containers
+ with restartPolicy "Always" will be shut down.
+ This lifecycle differs from normal init containers
+ and is often referred to as a "sidecar" container.
+ Although this init container still starts in the
+ init container sequence, it does not wait for
+ the container to complete before proceeding to
+ the next init container. Instead, the next init
+ container starts immediately after this init container
+ is started, or after any startupProbe has successfully
+ completed.'
+ type: string
+ securityContext:
+ description: 'SecurityContext defines the security
+ options the container should be run with. If set,
+ the fields of SecurityContext override the equivalent
+ fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will be
+ set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run
+ as Privileged 2) has CAP_SYS_ADMIN Note that
+ this field cannot be set when spec.os.name
+ is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when
+ running containers. Defaults to the default
+ set of capabilities granted by the container
+ runtime. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode.
+ Processes in privileged containers are essentially
+ equivalent to root on the host. Defaults to
+ false. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default
+ is DefaultProcMount which uses the container
+ runtime defaults for readonly paths and masked
+ paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of
+ the container process. Uses runtime default
+ if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must
+ run as a non-root user. If true, the Kubelet
+ will validate the image at runtime to ensure
+ that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset
+ or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of
+ the container process. Defaults to user specified
+ in image metadata if unspecified. May also
+ be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the container
+ runtime will allocate a random SELinux context
+ for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided
+ at both the pod & container level, the container
+ options override the pod options. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the node
+ should be used. The profile must be preconfigured
+ on the node to work. Must be a descending
+ path, relative to the kubelet's configured
+ seccomp profile location. Must be set
+ if type is "Localhost". Must NOT be set
+ for any other type.
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied. Valid
+ options are: \n Localhost - a profile
+ defined in a file on the node should be
+ used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a
+ container should be run as a 'Host Process'
+ container. All of a Pod's containers must
+ have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers).
+ In addition, if HostProcess is true then
+ HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to
+ run the entrypoint of the container process.
+ Defaults to the user specified in image
+ metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod
+ has successfully initialized. If specified, no
+ other probes are executed until this completes
+ successfully. If this probe fails, the Pod will
+ be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters
+ at the beginning of a Pod''s lifecycle, when it
+ might take a long time to load data or warm a
+ cache, than during steady-state operation. This
+ cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If
+ this is not set, reads from stdin in the container
+ will always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been opened
+ by a single attach. When stdin is true the stdin
+ stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is
+ opened on container start, is empty until the
+ first client attaches to stdin, and then remains
+ open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed
+ until the container is restarted. If this flag
+ is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to
+ which the container''s termination message will
+ be written is mounted into the container''s filesystem.
+ Message written is intended to be brief final
+ status, such as an assertion failure message.
+ Will be truncated by the node if greater than
+ 4096 bytes. The total message length across all
+ containers will be limited to 12kb. Defaults to
+ /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the container
+ status message on both success and failure. FallbackToLogsOnError
+ will use the last chunk of container log output
+ if the termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be
+ true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will be
+ mapped to.
+ type: string
+ name:
+ description: name must match the name of a
+ persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at
+ which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how
+ mounts are propagated from the host to container
+ and the other way around. When not set,
+ MountPropagationNone is used. This field
+ is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a
+ Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults
+ to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume
+ from which the container's volume should
+ be mounted. Behaves similarly to SubPath
+ but environment variable references $(VAR_NAME)
+ are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not
+ specified, the container runtime's default will
+ be used, which might be configured in the container
+ image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ dnsConfig:
+ description: Specifies the DNS parameters of a pod. Parameters
+ specified here will be merged to the generated DNS configuration
+ based on DNSPolicy.
+ properties:
+ nameservers:
+ description: A list of DNS name server IP addresses.
+ This will be appended to the base nameservers generated
+ from DNSPolicy. Duplicated nameservers will be removed.
+ items:
+ type: string
+ type: array
+ options:
+ description: A list of DNS resolver options. This
+ will be merged with the base options generated from
+ DNSPolicy. Duplicated entries will be removed. Resolution
+ options given in Options will override those that
+ appear in the base DNSPolicy.
+ items:
+ description: PodDNSConfigOption defines DNS resolver
+ options of a pod.
+ properties:
+ name:
+ description: Required.
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ searches:
+ description: A list of DNS search domains for host-name
+ lookup. This will be appended to the base search
+ paths generated from DNSPolicy. Duplicated search
+ paths will be removed.
+ items:
+ type: string
+ type: array
+ type: object
+ dnsPolicy:
+ description: Set DNS policy for the pod. Defaults to "ClusterFirst".
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
+ 'Default' or 'None'. DNS parameters given in DNSConfig
+ will be merged with the policy selected with DNSPolicy.
+ To have DNS options set along with hostNetwork, you
+ have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+ type: string
+ enableServiceLinks:
+ description: 'EnableServiceLinks indicates whether information
+ about services should be injected into pod''s environment
+ variables, matching the syntax of Docker links. Optional:
+ Defaults to true.'
+ type: boolean
+ ephemeralContainers:
+ description: List of ephemeral containers run in this
+ pod. Ephemeral containers may be run in an existing
+ pod to perform user-initiated actions such as debugging.
+ This list cannot be specified when creating a pod, and
+ it cannot be modified by updating the pod spec. In order
+ to add an ephemeral container to an existing pod, use
+ the pod's ephemeralcontainers subresource.
+ items:
+ description: "An EphemeralContainer is a temporary container
+ that you may add to an existing Pod for user-initiated
+ activities such as debugging. Ephemeral containers
+ have no resource or scheduling guarantees, and they
+ will not be restarted when they exit or when a Pod
+ is removed or restarted. The kubelet may evict a Pod
+ if an ephemeral container causes the Pod to exceed
+ its resource allocation. \n To add an ephemeral container,
+ use the ephemeralcontainers subresource of an existing
+ Pod. Ephemeral containers may not be removed or restarted."
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The image''s
+ CMD is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using the
+ container''s environment. If a variable cannot
+ be resolved, the reference in the input string
+ will be unchanged. Double $$ are reduced to a
+ single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The image''s ENTRYPOINT is used if this
+ is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment.
+ If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for
+ escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container and
+ any service environment variables. If a
+ variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container
+ is starting. When a key exists in multiple sources,
+ the value associated with the last source will
+ take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be
+ updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a
+ C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if :latest
+ tag is specified, or IfNotPresent otherwise. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Lifecycle is not allowed for ephemeral
+ containers.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and restarted
+ according to its restart policy. Other management
+ of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to an
+ API request or management event such as liveness/startup
+ probe failure, preemption, resource contention,
+ etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination grace
+ period (unless delayed by finalizers). Other
+ management of the container blocks until the
+ hook completes or until the termination grace
+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the ephemeral container specified
+ as a DNS_LABEL. This name must be unique among
+ all containers, init containers and ephemeral
+ containers.
+ type: string
+ ports:
+ description: Ports are not allowed for ephemeral
+ containers.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the
+ pod's IP address. This must be a valid port
+ number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the
+ host. If specified, this must be a valid
+ port number, 0 < x < 65536. If HostNetwork
+ is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an
+ IANA_SVC_NAME and unique within the pod.
+ Each named port in a pod must have a unique
+ name. Name for the port that can be referred
+ to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP,
+ TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which
+ this resource resize policy applies. Supported
+ values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when
+ specified resource is resized. If not specified,
+ it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: Resources are not allowed for ephemeral
+ containers. Ephemeral containers use spare resources
+ already allocated to the pod.
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ restartPolicy:
+ description: Restart policy for the container to
+ manage the restart behavior of each container
+ within a pod. This may only be set for init containers.
+ You cannot set this field on ephemeral containers.
+ type: string
+ securityContext:
+ description: 'Optional: SecurityContext defines
+ the security options the ephemeral container should
+ be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext.'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will be
+ set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run
+ as Privileged 2) has CAP_SYS_ADMIN Note that
+ this field cannot be set when spec.os.name
+ is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when
+ running containers. Defaults to the default
+ set of capabilities granted by the container
+ runtime. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode.
+ Processes in privileged containers are essentially
+ equivalent to root on the host. Defaults to
+ false. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default
+ is DefaultProcMount which uses the container
+ runtime defaults for readonly paths and masked
+ paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of
+ the container process. Uses runtime default
+ if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must
+ run as a non-root user. If true, the Kubelet
+ will validate the image at runtime to ensure
+ that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset
+ or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of
+ the container process. Defaults to user specified
+ in image metadata if unspecified. May also
+ be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the container
+ runtime will allocate a random SELinux context
+ for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided
+ at both the pod & container level, the container
+ options override the pod options. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the node
+ should be used. The profile must be preconfigured
+ on the node to work. Must be a descending
+ path, relative to the kubelet's configured
+ seccomp profile location. Must be set
+ if type is "Localhost". Must NOT be set
+ for any other type.
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied. Valid
+ options are: \n Localhost - a profile
+ defined in a file on the node should be
+ used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a
+ container should be run as a 'Host Process'
+ container. All of a Pod's containers must
+ have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers).
+ In addition, if HostProcess is true then
+ HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to
+ run the entrypoint of the container process.
+ Defaults to the user specified in image
+ metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If
+ this is not set, reads from stdin in the container
+ will always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been opened
+ by a single attach. When stdin is true the stdin
+ stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is
+ opened on container start, is empty until the
+ first client attaches to stdin, and then remains
+ open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed
+ until the container is restarted. If this flag
+ is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ targetContainerName:
+ description: "If set, the name of the container
+ from PodSpec that this ephemeral container targets.
+ The ephemeral container will be run in the namespaces
+ (IPC, PID, etc) of this container. If not set
+ then the ephemeral container uses the namespaces
+ configured in the Pod spec. \n The container runtime
+ must implement support for this feature. If the
+ runtime does not support namespace targeting then
+ the result of setting this field is undefined."
+ type: string
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to
+ which the container''s termination message will
+ be written is mounted into the container''s filesystem.
+ Message written is intended to be brief final
+ status, such as an assertion failure message.
+ Will be truncated by the node if greater than
+ 4096 bytes. The total message length across all
+ containers will be limited to 12kb. Defaults to
+ /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the container
+ status message on both success and failure. FallbackToLogsOnError
+ will use the last chunk of container log output
+ if the termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be
+ true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will be
+ mapped to.
+ type: string
+ name:
+ description: name must match the name of a
+ persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Subpath mounts are not allowed for
+ ephemeral containers. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at
+ which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how
+ mounts are propagated from the host to container
+ and the other way around. When not set,
+ MountPropagationNone is used. This field
+ is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a
+ Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults
+ to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume
+ from which the container's volume should
+ be mounted. Behaves similarly to SubPath
+ but environment variable references $(VAR_NAME)
+ are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not
+ specified, the container runtime's default will
+ be used, which might be configured in the container
+ image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ hostAliases:
+ description: HostAliases is an optional list of hosts
+ and IPs that will be injected into the pod's hosts file
+ if specified. This is only valid for non-hostNetwork
+ pods.
+ items:
+ description: HostAlias holds the mapping between IP
+ and hostnames that will be injected as an entry in
+ the pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ type: object
+ type: array
+ hostIPC:
+ description: 'Use the host''s ipc namespace. Optional:
+ Default to false.'
+ type: boolean
+ hostNetwork:
+ description: Host networking requested for this pod. Use
+ the host's network namespace. If this option is set,
+ the ports that will be used must be specified. Default
+ to false.
+ type: boolean
+ hostPID:
+ description: 'Use the host''s pid namespace. Optional:
+ Default to false.'
+ type: boolean
+ hostUsers:
+ description: 'Use the host''s user namespace. Optional:
+ Default to true. If set to true or not present, the
+ pod will be run in the host user namespace, useful for
+ when the pod needs a feature only available to the host
+ user namespace, such as loading a kernel module with
+ CAP_SYS_MODULE. When set to false, a new userns is created
+ for the pod. Setting false is useful for mitigating
+ container breakout vulnerabilities even allowing users
+ to run their containers as root without actually having
+ root privileges on the host. This field is alpha-level
+ and is only honored by servers that enable the UserNamespacesSupport
+ feature.'
+ type: boolean
+ hostname:
+ description: Specifies the hostname of the Pod If not
+ specified, the pod's hostname will be set to a system-defined
+ value.
+ type: string
+ imagePullSecrets:
+ description: 'ImagePullSecrets is an optional list of
+ references to secrets in the same namespace to use for
+ pulling any of the images used by this PodSpec. If specified,
+ these secrets will be passed to individual puller implementations
+ for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the
+ same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ initContainers:
+ description: 'List of initialization containers belonging
+ to the pod. Init containers are executed in order prior
+ to containers being started. If any init container fails,
+ the pod is considered to have failed and is handled
+ according to its restartPolicy. The name for an init
+ container or normal container must be unique among all
+ containers. Init containers may not have Lifecycle actions,
+ Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken
+ into account during scheduling by finding the highest
+ request/limit for each resource type, and then using
+ the max of of that value or the sum of the normal containers.
+ Limits are applied to init containers in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you
+ want to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using
+ the container''s environment. If a variable cannot
+ be resolved, the reference in the input string
+ will be unchanged. Double $$ are reduced to a
+ single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is
+ used if this is not provided. Variable references
+ $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container and
+ any service environment variables. If a
+ variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container
+ is starting. When a key exists in multiple sources,
+ the value associated with the last source will
+ take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be
+ updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a
+ C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if :latest
+ tag is specified, or IfNotPresent otherwise. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system
+ should take in response to container lifecycle
+ events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and restarted
+ according to its restart policy. Other management
+ of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to an
+ API request or management event such as liveness/startup
+ probe failure, preemption, resource contention,
+ etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination grace
+ period (unless delayed by finalizers). Other
+ management of the container blocks until the
+ hook completes or until the termination grace
+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as
+ a DNS_LABEL. Each container in a pod must have
+ a unique name (DNS_LABEL). Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that
+ port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container
+ will be accessible from the network. Modifying
+ this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the
+ pod's IP address. This must be a valid port
+ number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the
+ host. If specified, this must be a valid
+ port number, 0 < x < 65536. If HostNetwork
+ is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an
+ IANA_SVC_NAME and unique within the pod.
+ Each named port in a pod must have a unique
+ name. Name for the port that can be referred
+ to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP,
+ TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service
+ readiness. Container will be removed from service
+ endpoints if the probe fails. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which
+ this resource resize policy applies. Supported
+ values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when
+ specified resource is resized. If not specified,
+ it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: 'Compute Resources required by this
+ container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ restartPolicy:
+ description: 'RestartPolicy defines the restart
+ behavior of individual containers in a pod. This
+ field may only be set for init containers, and
+ the only allowed value is "Always". For non-init
+ containers or when this field is not specified,
+ the restart behavior is defined by the Pod''s
+ restart policy and the container type. Setting
+ the RestartPolicy as "Always" for the init container
+ will have the following effect: this init container
+ will be continually restarted on exit until all
+ regular containers have terminated. Once all regular
+ containers have completed, all init containers
+ with restartPolicy "Always" will be shut down.
+ This lifecycle differs from normal init containers
+ and is often referred to as a "sidecar" container.
+ Although this init container still starts in the
+ init container sequence, it does not wait for
+ the container to complete before proceeding to
+ the next init container. Instead, the next init
+ container starts immediately after this init container
+ is started, or after any startupProbe has successfully
+ completed.'
+ type: string
+ securityContext:
+ description: 'SecurityContext defines the security
+ options the container should be run with. If set,
+ the fields of SecurityContext override the equivalent
+ fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will be
+ set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run
+ as Privileged 2) has CAP_SYS_ADMIN Note that
+ this field cannot be set when spec.os.name
+ is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when
+ running containers. Defaults to the default
+ set of capabilities granted by the container
+ runtime. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode.
+ Processes in privileged containers are essentially
+ equivalent to root on the host. Defaults to
+ false. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default
+ is DefaultProcMount which uses the container
+ runtime defaults for readonly paths and masked
+ paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of
+ the container process. Uses runtime default
+ if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must
+ run as a non-root user. If true, the Kubelet
+ will validate the image at runtime to ensure
+ that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset
+ or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of
+ the container process. Defaults to user specified
+ in image metadata if unspecified. May also
+ be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the container
+ runtime will allocate a random SELinux context
+ for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided
+ at both the pod & container level, the container
+ options override the pod options. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the node
+ should be used. The profile must be preconfigured
+ on the node to work. Must be a descending
+ path, relative to the kubelet's configured
+ seccomp profile location. Must be set
+ if type is "Localhost". Must NOT be set
+ for any other type.
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied. Valid
+ options are: \n Localhost - a profile
+ defined in a file on the node should be
+ used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a
+ container should be run as a 'Host Process'
+ container. All of a Pod's containers must
+ have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers).
+ In addition, if HostProcess is true then
+ HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to
+ run the entrypoint of the container process.
+ Defaults to the user specified in image
+ metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod
+ has successfully initialized. If specified, no
+ other probes are executed until this completes
+ successfully. If this probe fails, the Pod will
+ be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters
+ at the beginning of a Pod''s lifecycle, when it
+ might take a long time to load data or warm a
+ cache, than during steady-state operation. This
+ cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If
+ this is not set, reads from stdin in the container
+ will always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been opened
+ by a single attach. When stdin is true the stdin
+ stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is
+ opened on container start, is empty until the
+ first client attaches to stdin, and then remains
+ open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed
+ until the container is restarted. If this flag
+ is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to
+ which the container''s termination message will
+ be written is mounted into the container''s filesystem.
+ Message written is intended to be brief final
+ status, such as an assertion failure message.
+ Will be truncated by the node if greater than
+ 4096 bytes. The total message length across all
+ containers will be limited to 12kb. Defaults to
+ /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the container
+ status message on both success and failure. FallbackToLogsOnError
+ will use the last chunk of container log output
+ if the termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be
+ true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will be
+ mapped to.
+ type: string
+ name:
+ description: name must match the name of a
+ persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at
+ which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how
+ mounts are propagated from the host to container
+ and the other way around. When not set,
+ MountPropagationNone is used. This field
+ is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a
+ Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults
+ to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume
+ from which the container's volume should
+ be mounted. Behaves similarly to SubPath
+ but environment variable references $(VAR_NAME)
+ are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not
+ specified, the container runtime's default will
+ be used, which might be configured in the container
+ image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ nodeName:
+ description: NodeName is a request to schedule this pod
+ onto a specific node. If it is non-empty, the scheduler
+ simply schedules this pod onto that node, assuming that
+ it fits resource requirements.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must
+ match a node''s labels for the pod to be scheduled on
+ that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ x-kubernetes-map-type: atomic
+ os:
+ description: "Specifies the OS of the containers in the
+ pod. Some pod and container fields are restricted if
+ this is set. \n If the OS field is set to linux, the
+ following fields must be unset: -securityContext.windowsOptions
+ \n If the OS field is set to windows, following fields
+ must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
+ - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
+ - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
+ - spec.securityContext.sysctls - spec.shareProcessNamespace
+ - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
+ - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
+ - spec.containers[*].securityContext.seccompProfile
+ - spec.containers[*].securityContext.capabilities -
+ spec.containers[*].securityContext.readOnlyRootFilesystem
+ - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
+ - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
+ - spec.containers[*].securityContext.runAsGroup"
+ properties:
+ name:
+ description: 'Name is the name of the operating system.
+ The currently supported values are linux and windows.
+ Additional value may be defined in future and can
+ be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+ Clients should expect to handle additional values
+ and treat unrecognized values in this field as os:
+ null'
+ type: string
+ required:
+ - name
+ type: object
+ overhead:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Overhead represents the resource overhead
+ associated with running a pod for a given RuntimeClass.
+ This field will be autopopulated at admission time by
+ the RuntimeClass admission controller. If the RuntimeClass
+ admission controller is enabled, overhead must not be
+ set in Pod create requests. The RuntimeClass admission
+ controller will reject Pod create requests which have
+ the overhead already set. If RuntimeClass is configured
+ and selected in the PodSpec, Overhead will be set to
+ the value defined in the corresponding RuntimeClass,
+ otherwise it will remain unset and treated as zero.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
+ type: object
+ preemptionPolicy:
+ description: PreemptionPolicy is the Policy for preempting
+ pods with lower priority. One of Never, PreemptLowerPriority.
+ Defaults to PreemptLowerPriority if unset.
+ type: string
+ priority:
+ description: The priority value. Various system components
+ use this field to find the priority of the pod. When
+ Priority Admission Controller is enabled, it prevents
+ users from setting this field. The admission controller
+ populates this field from PriorityClassName. The higher
+ the value, the higher the priority.
+ format: int32
+ type: integer
+ priorityClassName:
+ description: If specified, indicates the pod's priority.
+ "system-node-critical" and "system-cluster-critical"
+ are two special keywords which indicate the highest
+ priorities with the former being the highest priority.
+ Any other name must be defined by creating a PriorityClass
+ object with that name. If not specified, the pod priority
+ will be default or zero if there is no default.
+ type: string
+ readinessGates:
+ description: 'If specified, all readiness gates will be
+ evaluated for pod readiness. A pod is ready when all
+ its containers are ready AND all conditions specified
+ in the readiness gates have status equal to "True" More
+ info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
+ items:
+ description: PodReadinessGate contains the reference
+ to a pod condition
+ properties:
+ conditionType:
+ description: ConditionType refers to a condition
+ in the pod's condition list with matching type.
+ type: string
+ required:
+ - conditionType
+ type: object
+ type: array
+ resourceClaims:
+ description: "ResourceClaims defines which ResourceClaims
+ must be allocated and reserved before the Pod is allowed
+ to start. The resources will be made available to those
+ containers which consume them by name. \n This is an
+ alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: PodResourceClaim references exactly one
+ ResourceClaim through a ClaimSource. It adds a name
+ to it that uniquely identifies the ResourceClaim inside
+ the Pod. Containers that need access to the ResourceClaim
+ reference it with this name.
+ properties:
+ name:
+ description: Name uniquely identifies this resource
+ claim inside the pod. This must be a DNS_LABEL.
+ type: string
+ source:
+ description: Source describes where to find the
+ ResourceClaim.
+ properties:
+ resourceClaimName:
+ description: ResourceClaimName is the name of
+ a ResourceClaim object in the same namespace
+ as this pod.
+ type: string
+ resourceClaimTemplateName:
+ description: "ResourceClaimTemplateName is the
+ name of a ResourceClaimTemplate object in
+ the same namespace as this pod. \n The template
+ will be used to create a new ResourceClaim,
+ which will be bound to this pod. When this
+ pod is deleted, the ResourceClaim will also
+ be deleted. The pod name and resource name,
+ along with a generated component, will be
+ used to form a unique name for the ResourceClaim,
+ which will be recorded in pod.status.resourceClaimStatuses.
+ \n This field is immutable and no changes
+ will be made to the corresponding ResourceClaim
+ by the control plane after creating the ResourceClaim."
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ restartPolicy:
+ description: 'Restart policy for all containers within
+ the pod. One of Always, OnFailure, Never. In some contexts,
+ only a subset of those values may be permitted. Default
+ to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
+ type: string
+ runtimeClassName:
+ description: 'RuntimeClassName refers to a RuntimeClass
+ object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches
+ the named class, the pod will not be run. If unset or
+ empty, the "legacy" RuntimeClass will be used, which
+ is an implicit class with an empty definition that uses
+ the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
+ type: string
+ schedulerName:
+ description: If specified, the pod will be dispatched
+ by specified scheduler. If not specified, the pod will
+ be dispatched by default scheduler.
+ type: string
+ schedulingGates:
+ description: "SchedulingGates is an opaque list of values
+ that if specified will block scheduling the pod. If
+ schedulingGates is not empty, the pod will stay in the
+ SchedulingGated state and the scheduler will not attempt
+ to schedule the pod. \n SchedulingGates can only be
+ set at pod creation time, and be removed only afterwards.
+ \n This is a beta feature enabled by the PodSchedulingReadiness
+ feature gate."
+ items:
+ description: PodSchedulingGate is associated to a Pod
+ to guard its scheduling.
+ properties:
+ name:
+ description: Name of the scheduling gate. Each scheduling
+ gate must have a unique name field.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityContext:
+ description: 'SecurityContext holds pod-level security
+ attributes and common container settings. Optional:
+ Defaults to empty. See type description for default
+ values of each field.'
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies
+ to all containers in a pod. Some volume types allow
+ the Kubelet to change the ownership of that volume
+ to be owned by the pod: \n 1. The owning GID will
+ be the FSGroup 2. The setgid bit is set (new files
+ created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n
+ If unset, the Kubelet will not modify the ownership
+ and permissions of any volume. Note that this field
+ cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior
+ of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will
+ only apply to volume types which support fsGroup
+ based ownership(and permissions). It will have no
+ effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name
+ is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for
+ that container. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will validate
+ the image at runtime to ensure that it does not
+ run as UID 0 (root) and fail to start the container
+ if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified in
+ image metadata if unspecified. May also be set in
+ SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ all containers. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file on
+ the node should be used. RuntimeDefault - the
+ container runtime default profile should be
+ used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first
+ process run in each container, in addition to the
+ container's primary GID, the fsGroup (if specified),
+ and group memberships defined in the container image
+ for the uid of the container process. If unspecified,
+ no additional groups are added to any container.
+ Note that group memberships defined in the container
+ image for the uid of the container process are still
+ effective, even if they are not included in this
+ list. Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls
+ used for the pod. Pods with unsupported sysctls
+ (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ description: Sysctl defines a kernel parameter to
+ be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options within
+ a container's SecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed
+ to have a mix of HostProcess containers and
+ non-HostProcess containers). In addition, if
+ HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the
+ entrypoint of the container process. Defaults
+ to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ description: 'DeprecatedServiceAccount is a depreciated
+ alias for ServiceAccountName. Deprecated: Use serviceAccountName
+ instead.'
+ type: string
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the ServiceAccount
+ to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
+ type: string
+ setHostnameAsFQDN:
+ description: If true the pod's hostname will be configured
+ as the pod's FQDN, rather than the leaf name (the default).
+ In Linux containers, this means setting the FQDN in
+ the hostname field of the kernel (the nodename field
+ of struct utsname). In Windows containers, this means
+ setting the registry value of hostname for the registry
+ key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
+ to FQDN. If a pod does not have FQDN, this has no effect.
+ Default to false.
+ type: boolean
+ shareProcessNamespace:
+ description: 'Share a single process namespace between
+ all of the containers in a pod. When this is set containers
+ will be able to view and signal processes from other
+ containers in the same pod, and the first process in
+ each container will not be assigned PID 1. HostPID and
+ ShareProcessNamespace cannot both be set. Optional:
+ Default to false.'
+ type: boolean
+ subdomain:
+ description: If specified, the fully qualified Pod hostname
+ will be "...svc.". If not specified, the pod will not have a
+ domainname at all.
+ type: string
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully. May be decreased in delete
+ request. Value must be non-negative integer. The value
+ zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). If this value is nil,
+ the default grace period will be used instead. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. Defaults to 30 seconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to
+ tolerates any taint that matches the triple
+ using the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to
+ match. Empty means match all taint effects. When
+ specified, allowed values are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists;
+ this combination means to match all values and
+ all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints
+ of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect
+ NoExecute, otherwise this field is ignored) tolerates
+ the taint. By default, it is not set, which means
+ tolerate the taint forever (do not evict). Zero
+ and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value
+ should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints describes how a
+ group of pods ought to spread across topology domains.
+ Scheduler will schedule pods in a way which abides by
+ the constraints. All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how
+ to spread matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching
+ pods. Pods that match this label selector are
+ counted to determine the number of pods in their
+ corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label
+ keys to select the pods over which spreading will
+ be calculated. The keys are used to lookup values
+ from the incoming pod labels, those key-value
+ labels are ANDed with labelSelector to select
+ the group of existing pods over which spreading
+ will be calculated for the incoming pod. The same
+ key is forbidden to exist in both MatchLabelKeys
+ and LabelSelector. MatchLabelKeys cannot be set
+ when LabelSelector isn't set. Keys that don't
+ exist in the incoming pod labels will be ignored.
+ A null or empty list means only match against
+ labelSelector. \n This is a beta field and requires
+ the MatchLabelKeysInPodTopologySpread feature
+ gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which
+ pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between
+ the number of matching pods in the target topology
+ and the global minimum. The global minimum is
+ the minimum number of matching pods in an eligible
+ domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone
+ cluster, MaxSkew is set to 1, and pods with the
+ same labelSelector spread as 2/2/1: In this case,
+ the global minimum is 1. | zone1 | zone2 | zone3
+ | | P P | P P | P | - if MaxSkew is 1,
+ incoming pod can only be scheduled to zone3 to
+ become 2/2/2; scheduling it onto zone1(zone2)
+ would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies
+ that satisfy it. It''s a required field. Default
+ value is 1 and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible
+ domains with matching topology keys is less than
+ minDomains, Pod Topology Spread treats \"global
+ minimum\" as 0, and then the calculation of Skew
+ is performed. And when the number of eligible
+ domains with matching topology keys equals or
+ greater than minDomains, this value has no effect
+ on scheduling. As a result, when the number of
+ eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those
+ domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are
+ integers greater than 0. When value is not nil,
+ WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to
+ 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2: | zone1 | zone2
+ | zone3 | | P P | P P | P P | The number
+ of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be
+ scheduled, because computed skew will be 3(3 -
+ 0) if new Pod is scheduled to any of the three
+ zones, it will violate MaxSkew. \n This is a beta
+ field and requires the MinDomainsInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we
+ will treat Pod's nodeAffinity/nodeSelector when
+ calculating pod topology spread skew. Options
+ are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a beta-level feature
+ default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we
+ will treat node taints when calculating pod topology
+ spread skew. Options are: - Honor: nodes without
+ taints, along with tainted nodes for which the
+ incoming pod has a toleration, are included. -
+ Ignore: node taints are ignored. All nodes are
+ included. \n If this value is nil, the behavior
+ is equivalent to the Ignore policy. This is a
+ beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels.
+ Nodes that have a label with this key and identical
+ values are considered to be in the same topology.
+ We consider each as a "bucket", and
+ try to put balanced number of pods into each bucket.
+ We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain
+ as a domain whose nodes meet the requirements
+ of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
+ If TopologyKey is "kubernetes.io/hostname", each
+ Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is
+ a domain of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to
+ deal with a pod if it doesn''t satisfy the spread
+ constraint. - DoNotSchedule (default) tells the
+ scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any
+ location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint
+ is considered "Unsatisfiable" for an incoming
+ pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set
+ to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule,
+ incoming pod can only be scheduled to zone2(zone3)
+ to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
+ satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t
+ make it *more* imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ volumes:
+ description: 'List of volumes that can be mounted by containers
+ belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
+ items:
+ description: Volume represents a named volume in a pod
+ that may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an
+ AWS Disk resource that is attached to a kubelet''s
+ host machine and then exposed to the pod. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force
+ the readOnly setting in VolumeMounts. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data
+ Disk mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk
+ in the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
+ single blob disk per storage account Managed:
+ azure managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File
+ Service mount on the host and bind mount to the
+ pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name and
+ Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on
+ the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph tree,
+ default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default
+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the
+ rados user name, default is admin More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume
+ attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points
+ to a secret object containing parameters used
+ to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the
+ volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that
+ should populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified
+ which is not present in the ConfigMap, the
+ volume setup will error unless it is marked
+ optional. Paths must be relative and may not
+ contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver
+ that handles this volume. Consult with your
+ admin for the correct name as registered in
+ the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is
+ passed to the associated CSI driver which
+ will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference
+ to the secret object containing sensitive
+ information to pass to the CSI driver to complete
+ the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may be
+ empty if no secret is required. If the secret
+ object contains more than one secret, all
+ secret references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults to
+ false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver.
+ Consult your driver's documentation for supported
+ values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API
+ about the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on
+ created files by default. Must be a Optional:
+ mode bits used to set permissions on created
+ files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API
+ volume file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal
+ values, JSON requires decimal values
+ for mode bits. If not specified, the
+ volume defaultMode will be used. This
+ might be in conflict with other options
+ that affect the file mode, like fsGroup,
+ and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created.
+ Must not be absolute or contain the
+ ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path
+ must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory) are
+ currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of
+ storage medium should back this directory.
+ The default is "" which means to use the node''s
+ default medium. Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the
+ sum of memory limits of all containers in
+ a pod. The default is nil which means that
+ the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that
+ is handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it -
+ it will be created before the pod starts, and
+ deleted when the pod is removed. \n Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the
+ storage driver is specified through a storage
+ class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information
+ on the connection between this volume type and
+ PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes
+ that persist for longer than the lifecycle of
+ an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of
+ the driver for more information. \n A pod can
+ use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone
+ PVC to provision the volume. The pod in which
+ this EphemeralVolumeSource is embedded will
+ be the owner of the PVC, i.e. the PVC will
+ be deleted together with the pod. The name
+ of the PVC will be `-`
+ where `` is the name from the
+ `PodSpec.Volumes` array entry. Pod validation
+ will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+ \n An existing PVC with that name that is
+ not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume
+ by mistake. Starting the pod is then blocked
+ until the unrelated PVC is removed. If such
+ a pre-created PVC is meant to be used by the
+ pod, the PVC has to updated with an owner
+ reference to the pod once the pod exists.
+ Normally this should not be necessary, but
+ it may be useful when manually reconstructing
+ a broken cluster. \n This field is read-only
+ and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required,
+ must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when
+ creating it. No other fields are allowed
+ and will be rejected during validation.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged
+ into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the
+ desired access modes the volume should
+ have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be
+ used to specify either: * An existing
+ VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create a new
+ volume based on the contents of the
+ specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource
+ contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be
+ copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace
+ is specified, then dataSourceRef will
+ not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may be any
+ object from a non-empty API group
+ (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if
+ the type of the specified object matches
+ some installed volume populator or
+ dynamic provisioner. This field will
+ replace the functionality of the dataSource
+ field and as such if both fields are
+ non-empty, they must have the same
+ value. For backwards compatibility,
+ when namespace isn''t specified in
+ dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to
+ the same value automatically if one
+ of them is empty and the other is
+ non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t
+ set to the same value and must be
+ empty. There are three important differences
+ between dataSource and dataSourceRef:
+ * While dataSource only allows two
+ specific types of objects, dataSourceRef
+ allows any non-core object, as well
+ as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed
+ values (dropping them), dataSourceRef
+ preserves all values, and generates
+ an error if a disallowed value is
+ specified. * While dataSource only
+ allows local objects, dataSourceRef
+ allows objects in any namespaces.
+ (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to
+ be enabled. (Alpha) Using the namespace
+ field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note
+ that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent
+ namespace to allow that namespace's
+ owner to accept the reference.
+ See the ReferenceGrant documentation
+ for details. (Alpha) This field
+ requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the
+ minimum resources the volume should
+ have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements that
+ are lower than previous value but
+ must still be higher than capacity
+ recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names
+ of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is
+ immutable. It can only be set
+ for containers."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match
+ the name of one entry in
+ pod.spec.resourceClaims
+ of the Pod where this field
+ is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the
+ maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes
+ the minimum amount of compute
+ resources required. If Requests
+ is omitted for a container, it
+ defaults to Limits if that is
+ explicitly specified, otherwise
+ to an implementation-defined value.
+ Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query
+ over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the
+ name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what
+ type of volume is required by the
+ claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding
+ reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and
+ then exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors
+ in the filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun
+ number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not
+ both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume
+ resource that is provisioned/attached using an
+ exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver
+ to use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field
+ holds extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret object
+ is specified. If the secret object contains
+ more than one secret, all secrets are passed
+ to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume
+ attached to a kubelet's host machine. This depends
+ on the Flocker control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset
+ for Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a Flocker
+ dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE
+ Disk resource that is attached to a kubelet''s
+ host machine and then exposed to the pod. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the
+ volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD
+ resource in GCE. Used to identify the disk
+ in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository
+ at a particular revision. DEPRECATED: GitRepo
+ is deprecated. To provision a container with a
+ git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the
+ EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will
+ be the git repository. Otherwise, if specified,
+ the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for
+ the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount
+ on the host that shares a pod''s lifetime. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name
+ that details Glusterfs topology. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions.
+ Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing
+ file or directory on the host machine that is
+ directly exposed to the container. This is generally
+ used for system agents or other privileged things
+ that are allowed to see the host machine. Most
+ containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can
+ use host directory mounts and who can/can not
+ mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host.
+ If the path is a symlink, it will follow the
+ link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults
+ to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource
+ that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new iSCSI
+ interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun
+ number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for
+ iSCSI target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL
+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the
+ host that shares a pod''s lifetime More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS
+ server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS
+ export to be mounted with read-only permissions.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address
+ of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this
+ volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets
+ host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx
+ volume attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem
+ type to mount Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a
+ Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about
+ the configMap data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced ConfigMap
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the ConfigMap, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777
+ or a decimal value between
+ 0 and 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal values
+ for mode bits. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode
+ bits used to set permissions
+ on this file, must be an octal
+ value between 0000 and 0777
+ or a decimal value between
+ 0 and 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal values
+ for mode bits. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or contain
+ the ''..'' path. Must be utf-8
+ encoded. The first item of
+ the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the
+ output format of the exposed
+ resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about
+ the secret data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced Secret will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the Secret, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777
+ or a decimal value between
+ 0 and 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal values
+ for mode bits. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify
+ whether the Secret or its key must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to
+ project
+ properties:
+ audience:
+ description: audience is the intended
+ audience of the token. A recipient
+ of a token must identify itself
+ with an identifier specified in
+ the audience of the token, and otherwise
+ should reject the token. The audience
+ defaults to the identifier of the
+ apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is
+ the requested duration of validity
+ of the service account token. As
+ the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token.
+ The kubelet will start trying to
+ rotate the token if the token is
+ older than 80 percent of its time
+ to live or if the token is older
+ than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative
+ to the mount point of the file to
+ project the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount
+ on the host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default
+ is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte
+ volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single or
+ multiple Quobyte Registry services specified
+ as a string as host:port pair (multiple entries
+ are separated with commas) which acts as the
+ central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte
+ volume in the Backend Used with dynamically
+ provisioned Quobyte volumes, value is set
+ by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults
+ to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device
+ mount on the host that shares a pod''s lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring
+ for RBDUser. Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides
+ keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of
+ the ScaleIO Protection Domain for the configured
+ storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret
+ for ScaleIO user and other sensitive information.
+ If this is not provided, Login operation will
+ fail.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that
+ is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should
+ populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified
+ which is not present in the Secret, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether
+ the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the
+ secret in the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret
+ to use for obtaining the StorageOS API credentials. If
+ not specified, default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable
+ name of the StorageOS volume. Volume names
+ are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope
+ of the volume within StorageOS. If no namespace
+ is specified then the Pod's namespace will
+ be used. This allows the Kubernetes name
+ scoping to be mirrored within StorageOS for
+ tighter integration. Set VolumeName to any
+ name to override the default behaviour. Set
+ to "default" if you are not using namespaces
+ within StorageOS. Namespaces that do not pre-exist
+ within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere
+ volume attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - containers
+ type: object
+ type: object
+ ttlSecondsAfterFinished:
+ description: ttlSecondsAfterFinished limits the lifetime of a
+ Job that has finished execution (either Complete or Failed).
+ If this field is set, ttlSecondsAfterFinished after the Job
+ finishes, it is eligible to be automatically deleted. When the
+ Job is being deleted, its lifecycle guarantees (e.g. finalizers)
+ will be honored. If this field is unset, the Job won't be automatically
+ deleted. If this field is set to zero, the Job becomes eligible
+ to be deleted immediately after it finishes.
+ format: int32
+ type: integer
+ required:
+ - template
+ type: object
+ parametersSchema:
+ description: parametersSchema describes the schema used for validation,
+ pruning, and defaulting.
+ properties:
+ openAPIV3Schema:
+ description: openAPIV3SchemaProperties is the OpenAPI v3 schema
+ to use for parameter schema.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ preChecks:
+ description: pre-check if it meets the requirements to run the job
+ for the operation.
+ items:
+ description: PreCheck
+ properties:
+ exec:
+ description: a job will be run to execute pre-check.
+ properties:
+ args:
+ description: container args.
+ items:
+ type: string
+ type: array
+ command:
+ description: container commands.
+ items:
+ type: string
+ type: array
+ env:
+ description: container env.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)". Escaped
+ references will never be expanded, regardless of
+ whether the variable exists or not. Defaults to
+ "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ image:
+ description: image name.
+ type: string
+ required:
+ - image
+ type: object
+ expression:
+ description: expression declares how the operation can be executed.
+ properties:
+ message:
+ description: report the message if the rule is not matched.
+ type: string
+ rule:
+ description: 'validation rule declares how the operation
+ can be executed using go template expression. it should
+ return "true" or "false", built-in objects: - "params"
+ are input parameters. - "cluster" is referenced cluster
+ object. - "component" is referenced the component Object.'
+ type: string
+ required:
+ - message
+ - rule
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: at least one exists for expression and exec.
+ rule: has(self.expression) || has(self.exec)
+ type: array
+ triggerPhaseChange:
+ description: triggerPhaseChange indicates whether the operation will
+ trigger a state change of the component. if true, will be queued
+ for execution.
+ type: boolean
+ required:
+ - componentDefinitionRefs
+ - jobSpec
+ type: object
+ status:
+ description: OpsDefinitionStatus defines the observed state of OpsDefinition
+ properties:
+ message:
+ description: Extra message for current phase.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed
+ for this OpsDefinition.
+ format: int64
+ type: integer
+ phase:
+ description: Phase valid values are ``, `Available`, 'Unavailable`.
+ Available is OpsDefinition become available, and can be used for
+ co-related objects.
+ enum:
+ - Available
+ - Unavailable
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/config/crd/bases/apps.kubeblocks.io_opsrequests.yaml b/config/crd/bases/apps.kubeblocks.io_opsrequests.yaml
index 6666b815b0ef..79dba2a2f716 100644
--- a/config/crd/bases/apps.kubeblocks.io_opsrequests.yaml
+++ b/config/crd/bases/apps.kubeblocks.io_opsrequests.yaml
@@ -107,11 +107,25 @@ spec:
modifying this property again will not take effect.'
type: boolean
clusterRef:
- description: clusterRef references clusterDefinition.
+ description: clusterRef references cluster object.
type: string
x-kubernetes-validations:
- message: forbidden to update spec.clusterRef
rule: self == oldSelf
+ customSpec:
+ properties:
+ componentName:
+ description: cluster component name.
+ type: string
+ opsDefinitionRef:
+ description: reference a opsDefinition
+ type: string
+ params:
+ description: the input for this operation declared in the opsDefinition.spec.parametersSchema.
+ required:
+ - componentName
+ - opsDefinitionRef
+ type: object
expose:
description: expose defines services the component needs to expose.
items:
@@ -578,6 +592,7 @@ spec:
- DataScript
- Backup
- Restore
+ - Custom
type: string
x-kubernetes-validations:
- message: forbidden to update spec.type
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index 3eab17e748aa..6469a28c9d9a 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -23,6 +23,7 @@ resources:
- bases/apps.kubeblocks.io_servicedescriptors.yaml
- bases/apps.kubeblocks.io_componentdefinitions.yaml
- bases/apps.kubeblocks.io_components.yaml
+- bases/apps.kubeblocks.io_opsdefinitions.yaml
#+kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
@@ -51,6 +52,7 @@ patchesStrategicMerge:
#- patches/webhook_in_servicedescriptors.yaml
#- patches/webhook_in_componentdefinitions.yaml
#- patches/webhook_in_components.yaml
+#- patches/webhook_in_opsdefinitions.yaml
#+kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
@@ -78,6 +80,7 @@ patchesStrategicMerge:
#- patches/cainjection_in_servicedescriptors.yaml
#- patches/cainjection_in_componentdefinitions.yaml
#- patches/cainjection_in_components.yaml
+#- patches/cainjection_in_opsdefinitions.yaml
#+kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
diff --git a/config/crd/patches/cainjection_in_opsdefinitions.yaml b/config/crd/patches/cainjection_in_opsdefinitions.yaml
new file mode 100644
index 000000000000..ddca3748cf7f
--- /dev/null
+++ b/config/crd/patches/cainjection_in_opsdefinitions.yaml
@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: opsdefinitions.apps.kubeblocks.io
diff --git a/config/crd/patches/webhook_in_opsdefinitions.yaml b/config/crd/patches/webhook_in_opsdefinitions.yaml
new file mode 100644
index 000000000000..d922ea70d3b6
--- /dev/null
+++ b/config/crd/patches/webhook_in_opsdefinitions.yaml
@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: opsdefinitions.apps.kubeblocks.io
+spec:
+ conversion:
+ strategy: Webhook
+ webhook:
+ clientConfig:
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
+ conversionReviewVersions:
+ - v1
diff --git a/config/rbac/opsdefinition_editor_role.yaml b/config/rbac/opsdefinition_editor_role.yaml
new file mode 100644
index 000000000000..83840173ec66
--- /dev/null
+++ b/config/rbac/opsdefinition_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit opsdefinitions.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: opsdefinition-editor-role
+rules:
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions/status
+ verbs:
+ - get
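Review bot: The header comment presents this ClusterRole as an ordinary end-user role, but the OpsDefinition CRD added in this commit requires `spec.jobSpec`, a Job pod template with containers and volumes. If the operator later creates that Job with its own credentials (the job step in custom.go is still a TODO), write access to opsdefinitions amounts to the ability to define workloads run on the operator's behalf. A second comment line such as `# OpsDefinition embeds a Job pod template; bind only to subjects trusted to define workloads.` would make that explicit.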
diff --git a/config/rbac/opsdefinition_viewer_role.yaml b/config/rbac/opsdefinition_viewer_role.yaml
new file mode 100644
index 000000000000..28ba5da50b09
--- /dev/null
+++ b/config/rbac/opsdefinition_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view opsdefinitions.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: opsdefinition-viewer-role
+rules:
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions/status
+ verbs:
+ - get
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index b746a1dfeebf..54e0e79e6b2f 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -297,6 +297,32 @@ rules:
- get
- patch
- update
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions/status
+ verbs:
+ - get
+ - patch
+ - update
- apiGroups:
- apps.kubeblocks.io
resources:
diff --git a/config/samples/apps_v1alpha1_opsdefinition.yaml b/config/samples/apps_v1alpha1_opsdefinition.yaml
new file mode 100644
index 000000000000..0b3af3935b26
--- /dev/null
+++ b/config/samples/apps_v1alpha1_opsdefinition.yaml
@@ -0,0 +1,6 @@
+apiVersion: apps.kubeblocks.io/v1alpha1
+kind: OpsDefinition
+metadata:
+ name: opsdefinition-sample
+spec:
+ # TODO(user): Add fields here
diff --git a/controllers/apps/cluster_controller.go b/controllers/apps/cluster_controller.go
index 5280b611c3f1..7077c42205f2 100644
--- a/controllers/apps/cluster_controller.go
+++ b/controllers/apps/cluster_controller.go
@@ -94,6 +94,13 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
reqCtx.Log.V(1).Info("reconcile", "cluster", req.NamespacedName)
+ // the cluster reconciliation loop is a 3-stage model: plan Init, plan Build and plan Execute
+ // Init stage
+ planBuilder := NewClusterPlanBuilder(reqCtx, r.Client)
+ if err := planBuilder.Init(); err != nil {
+ return intctrlutil.CheckedRequeueWithError(err, reqCtx.Log, "")
+ }
+
requeueError := func(err error) (ctrl.Result, error) {
if re, ok := err.(intctrlutil.RequeueError); ok {
return intctrlutil.RequeueAfter(re.RequeueAfter(), reqCtx.Log, re.Reason())
@@ -101,16 +108,11 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
if apierrors.IsConflict(err) {
return intctrlutil.Requeue(reqCtx.Log, err.Error())
}
+ c := planBuilder.(*clusterPlanBuilder)
+ sendWarningEventWithError(r.Recorder, c.transCtx.Cluster, corev1.EventTypeWarning, err)
return intctrlutil.RequeueWithError(err, reqCtx.Log, "")
}
- // the cluster reconciliation loop is a 3-stage model: plan Init, plan Build and plan Execute
- // Init stage
- planBuilder := NewClusterPlanBuilder(reqCtx, r.Client)
- if err := planBuilder.Init(); err != nil {
- return intctrlutil.CheckedRequeueWithError(err, reqCtx.Log, "")
- }
-
// Build stage
// what you should do in most cases is writing your transformer.
//
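Review bot: The type assertion `planBuilder.(*clusterPlanBuilder)` inside `requeueError` is unchecked, so it panics in the error path if `NewClusterPlanBuilder` ever returns another implementation. Use the comma-ok form, `if c, ok := planBuilder.(*clusterPlanBuilder); ok { sendWarningEventWithError(r.Recorder, c.transCtx.Cluster, corev1.EventTypeWarning, err) }`, or expose the object through the builder interface. The same pattern appears in component_controller.go with `planBuilder.(*componentPlanBuilder)`. The raw error text also becomes an Event readable by anyone who can list events in the namespace, so it is worth confirming that these errors carry no sensitive detail. `Reconcile` continues outside the hunk.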
diff --git a/controllers/apps/component_controller.go b/controllers/apps/component_controller.go
index 41c839fb4f4b..1792aec9f60f 100644
--- a/controllers/apps/component_controller.go
+++ b/controllers/apps/component_controller.go
@@ -110,18 +110,20 @@ func (r *ComponentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
reqCtx.Log.V(1).Info("reconcile", "component", req.NamespacedName)
+ planBuilder := NewComponentPlanBuilder(reqCtx, r.Client, req)
+ if err := planBuilder.Init(); err != nil {
+ return intctrlutil.CheckedRequeueWithError(err, reqCtx.Log, "")
+ }
+
requeueError := func(err error) (ctrl.Result, error) {
if re, ok := err.(intctrlutil.RequeueError); ok {
return intctrlutil.RequeueAfter(re.RequeueAfter(), reqCtx.Log, re.Reason())
}
+ c := planBuilder.(*componentPlanBuilder)
+ sendWarningEventWithError(r.Recorder, c.transCtx.Component, corev1.EventTypeWarning, err)
return intctrlutil.RequeueWithError(err, reqCtx.Log, "")
}
- planBuilder := NewComponentPlanBuilder(reqCtx, r.Client, req)
- if err := planBuilder.Init(); err != nil {
- return intctrlutil.CheckedRequeueWithError(err, reqCtx.Log, "")
- }
-
plan, errBuild := planBuilder.
AddTransformer(
// handle component deletion first
diff --git a/controllers/apps/component_plan_builder.go b/controllers/apps/component_plan_builder.go
index 8568733f6f5e..0a0f69fa6558 100644
--- a/controllers/apps/component_plan_builder.go
+++ b/controllers/apps/component_plan_builder.go
@@ -24,6 +24,7 @@ import (
"fmt"
"github.com/go-logr/logr"
+ corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/client-go/tools/record"
ctrl "sigs.k8s.io/controller-runtime"
@@ -137,6 +138,7 @@ func (p *componentPlan) Execute() error {
err := p.dag.WalkReverseTopoOrder(p.walkFunc, nil)
if err != nil {
p.transCtx.Logger.V(1).Info(fmt.Sprintf("execute error: %s", err.Error()))
+ sendWarningEventWithError(p.transCtx.EventRecorder, p.transCtx.Component, corev1.EventTypeWarning, err)
}
return err
}
diff --git a/controllers/apps/componentdefinition_controller.go b/controllers/apps/componentdefinition_controller.go
index 18fcce359773..7740fea6c90a 100644
--- a/controllers/apps/componentdefinition_controller.go
+++ b/controllers/apps/componentdefinition_controller.go
@@ -254,10 +254,11 @@ func (r *ComponentDefinitionReconciler) validateLabels(cli client.Client, rctx i
func (r *ComponentDefinitionReconciler) validateSystemAccounts(cli client.Client, rctx intctrlutil.RequestCtx,
cmpd *appsv1alpha1.ComponentDefinition) error {
- if len(cmpd.Spec.SystemAccounts) != 0 && (cmpd.Spec.LifecycleActions == nil || cmpd.Spec.LifecycleActions.AccountProvision == nil) {
- return fmt.Errorf("the AccountProvision action is needed to provision system accounts")
+ for _, v := range cmpd.Spec.SystemAccounts {
+ if v.SecretRef == nil && (cmpd.Spec.LifecycleActions == nil || cmpd.Spec.LifecycleActions.AccountProvision == nil) {
+ return fmt.Errorf(`the AccountProvision action is needed to provision system account %s`, v.Name)
+ }
}
-
if !checkUniqueItemWithValue(cmpd.Spec.SystemAccounts, "Name", nil) {
return fmt.Errorf("duplicate system accounts are not allowed")
}
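Review bot: The new loop in `validateSystemAccounts` exempts accounts that carry a `SecretRef`, but nothing in the hunk says why. A comment above the `for` would help, for example `// accounts with a SecretRef are created from that secret; only the others need the AccountProvision action`. The `LifecycleActions` condition does not depend on `v`, so it could be computed once before the loop. The function body continues outside the hunk.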
diff --git a/controllers/apps/const.go b/controllers/apps/const.go
index 8554f7d7a289..c0a73404fa90 100644
--- a/controllers/apps/const.go
+++ b/controllers/apps/const.go
@@ -27,6 +27,7 @@ const (
dbClusterDefFinalizerName = "clusterdefinition.kubeblocks.io/finalizer"
clusterVersionFinalizerName = "clusterversion.kubeblocks.io/finalizer"
opsRequestFinalizerName = "opsrequest.kubeblocks.io/finalizer"
+ opsDefinitionFinalizerName = "opsdefinition.kubeblocks.io/finalizer"
// annotations keys
// lifecycleAnnotationKey = "cluster.kubeblocks.io/lifecycle"
diff --git a/controllers/apps/operations/custom.go b/controllers/apps/operations/custom.go
new file mode 100644
index 000000000000..2283d07f04e9
--- /dev/null
+++ b/controllers/apps/operations/custom.go
@@ -0,0 +1,165 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+This file is part of KubeBlocks project
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+
+package operations
+
+import (
+ "fmt"
+ "strings"
+ "text/template"
+ "time"
+
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+
+ appsv1alpha1 "github.com/apecloud/kubeblocks/apis/apps/v1alpha1"
+ "github.com/apecloud/kubeblocks/pkg/common"
+ "github.com/apecloud/kubeblocks/pkg/constant"
+ intctrlutil "github.com/apecloud/kubeblocks/pkg/controllerutil"
+)
+
+type CustomOpsHandler struct{}
+
+var _ OpsHandler = CustomOpsHandler{}
+
+func init() {
+ customBehaviour := OpsBehaviour{
+ OpsHandler: CustomOpsHandler{},
+ }
+
+ opsMgr := GetOpsManager()
+ opsMgr.RegisterOps(appsv1alpha1.CustomType, customBehaviour)
+}
+
+// ActionStartedCondition the started condition when handling the stop request.
+func (c CustomOpsHandler) ActionStartedCondition(reqCtx intctrlutil.RequestCtx, cli client.Client, opsRes *OpsResource) (*metav1.Condition, error) {
+ opsDefName := common.ToCamelCase(opsRes.OpsRequest.Spec.CustomSpec.OpsDefinitionRef)
+ return &metav1.Condition{
+ Type: "CustomOperation",
+ Status: metav1.ConditionTrue,
+ Reason: opsDefName + "Starting",
+ LastTransitionTime: metav1.Now(),
+ Message: fmt.Sprintf("Start to handle %s on the Cluster: %s", opsDefName, opsRes.OpsRequest.Spec.ClusterRef),
+ }, nil
+}
+
+// Action
+func (c CustomOpsHandler) Action(reqCtx intctrlutil.RequestCtx, cli client.Client, opsRes *OpsResource) error {
+ preChecks := opsRes.OpsDef.Spec.PreChecks
+ customSpec := opsRes.OpsRequest.Spec.CustomSpec
+ // 1. do preChecks (if is job, can return needWaiting)
+ for _, v := range preChecks {
+ if v.Expression != nil {
+ if err := c.checkExpression(reqCtx, cli, opsRes, v.Expression, customSpec.ComponentName); err != nil {
+ return intctrlutil.NewFatalError(err.Error())
+ }
+ } else if v.Exec != nil {
+ if err := c.checkExecAction(reqCtx, cli, opsRes, v.Exec); err != nil {
+ return intctrlutil.NewFatalError(err.Error())
+ }
+ }
+ }
+ // 2. do job action
+ return nil
+}
+
+func (c CustomOpsHandler) checkExpression(reqCtx intctrlutil.RequestCtx,
+ cli client.Client,
+ opsRes *OpsResource,
+ expression *appsv1alpha1.Expression,
+ compName string) error {
+ opsSpec := opsRes.OpsRequest.Spec
+ componentObjName := constant.GenerateClusterComponentName(opsSpec.ClusterRef, compName)
+ comp := &appsv1alpha1.Component{}
+ if err := cli.Get(reqCtx.Ctx, client.ObjectKey{Name: componentObjName, Namespace: opsRes.OpsRequest.Namespace}, comp); err != nil {
+ return err
+ }
+ var buf strings.Builder
+ data := map[string]interface{}{
+ "cluster": opsRes.Cluster,
+ "component": comp,
+ "params": opsRes.OpsRequest.Spec.CustomSpec.Params,
+ }
+ tmpl, err := template.New("opsDefTemplate").Parse(expression.Rule)
+ if err != nil {
+ return err
+ }
+ if err = tmpl.Execute(&buf, data); err != nil {
+ return err
+ }
+ if buf.String() == "false" {
+ return fmt.Errorf(expression.Message)
+ }
+ return nil
+}
+
+func (c CustomOpsHandler) checkExecAction(reqCtx intctrlutil.RequestCtx, cli client.Client, opsRes *OpsResource, exec *appsv1alpha1.PreCheckExec) error {
+ return nil
+}
+
+// ReconcileAction will be performed when action is done and loops till OpsRequest.status.phase is Succeed/Failed.
+// the Reconcile function for stop opsRequest.
+func (c CustomOpsHandler) ReconcileAction(reqCtx intctrlutil.RequestCtx, cli client.Client, opsRes *OpsResource) (appsv1alpha1.OpsPhase, time.Duration, error) {
+ getExpectReplicas := func(opsRequest *appsv1alpha1.OpsRequest, componentName string) *int32 {
+ expectReplicas := int32(0)
+ return &expectReplicas
+ }
+ handleComponentProgress := func(reqCtx intctrlutil.RequestCtx,
+ cli client.Client,
+ opsRes *OpsResource,
+ pgRes progressResource,
+ compStatus *appsv1alpha1.OpsRequestComponentStatus) (int32, int32, error) {
+ expectProgressCount, completedCount, err := handleComponentProgressForScalingReplicas(reqCtx, cli, opsRes, pgRes, compStatus, getExpectReplicas)
+ if err != nil {
+ return expectProgressCount, completedCount, err
+ }
+ return expectProgressCount, completedCount, nil
+ }
+ return reconcileActionWithComponentOps(reqCtx, cli, opsRes, "", handleComponentProgress)
+}
+
+// SaveLastConfiguration records last configuration to the OpsRequest.status.lastConfiguration
+func (c CustomOpsHandler) SaveLastConfiguration(reqCtx intctrlutil.RequestCtx, cli client.Client, opsRes *OpsResource) error {
+ return nil
+}
+
+func initOpsDefAndValidate(reqCtx intctrlutil.RequestCtx, cli client.Client, opsRes *OpsResource) (bool, error) {
+ customSpec := opsRes.OpsRequest.Spec.CustomSpec
+ if customSpec == nil {
+ return false, intctrlutil.NewFatalError("spec.customSpec can not be empty if opsType is Custom.")
+ }
+ opsDef := &appsv1alpha1.OpsDefinition{}
+ if err := cli.Get(reqCtx.Ctx, client.ObjectKey{Name: customSpec.OpsDefinitionRef}, opsDef); err != nil {
+ return false, err
+ }
+ opsRes.OpsDef = opsDef
+ // validate schema
+ parametersSchema := opsDef.Spec.ParametersSchema
+ // covert to type map[string]interface{}
+ params := map[string]interface{}{}
+ for k, v := range customSpec.Params {
+ params[k] = v
+ }
+ if parametersSchema != nil && parametersSchema.OpenAPIV3Schema != nil {
+ if err := common.ValidateDataWithSchema(parametersSchema.OpenAPIV3Schema, params); err != nil {
+ return false, err
+ }
+ }
+ return opsDef.Spec.TriggerPhaseChange, nil
+}
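Review bot: The expression pre-check in `checkExpression` fails open: it rejects only when the rendered rule is exactly `false`, so any other output (`False`, `false` followed by a newline, an empty string) lets the operation proceed. Compare against the one accepted value instead, `if strings.TrimSpace(buf.String()) != "true" { return fmt.Errorf("%s", expression.Message) }`, which also stops `fmt.Errorf(expression.Message)` from treating a `%` in the message as a format verb. `checkExecAction` returns nil without running anything, so a PreCheck that only sets `exec` passes unverified; returning an explicit not-implemented error until the job exists would keep that path closed. The doc comments on `ActionStartedCondition` and `ReconcileAction` still describe the stop request and should be reworded for custom operations.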
diff --git a/controllers/apps/operations/datascript.go b/controllers/apps/operations/datascript.go
index 9e99b65aa9d9..69d8f8d731b6 100644
--- a/controllers/apps/operations/datascript.go
+++ b/controllers/apps/operations/datascript.go
@@ -43,21 +43,11 @@ import (
)
var _ OpsHandler = DataScriptOpsHandler{}
-var _ error = &FastFailError{}
// DataScriptOpsHandler handles DataScript operation, it is more like a one-time command operation.
type DataScriptOpsHandler struct {
}
-// FastFailError is an error type that will not retry the operation.
-type FastFailError struct {
- message string
-}
-
-func (e *FastFailError) Error() string {
- return fmt.Sprintf("fail with message: %s", e.message)
-}
-
func init() {
// ToClusterPhase is not defined, because 'datascript' does not affect the cluster status.
dataScriptOpsHandler := DataScriptOpsHandler{}
@@ -80,21 +70,21 @@ func (o DataScriptOpsHandler) Action(reqCtx intctrlutil.RequestCtx, cli client.C
component := cluster.Spec.GetComponentByName(spec.ComponentName)
if component == nil {
// we have checked component exists in validation, so this should not happen
- return &FastFailError{message: fmt.Sprintf("component %s not found in cluster %s", spec.ComponentName, cluster.Name)}
+ return intctrlutil.NewFatalError(fmt.Sprintf("component %s not found in cluster %s", spec.ComponentName, cluster.Name))
}
clusterDef, err := getClusterDefByName(reqCtx.Ctx, cli, cluster.Spec.ClusterDefRef)
if err != nil {
if apierrors.IsNotFound(err) {
// fail fast if cluster def does not exists
- return &FastFailError{message: err.Error()}
+ return intctrlutil.NewFatalError(err.Error())
}
return err
}
// get componentDef
componentDef := clusterDef.GetComponentDefByName(component.ComponentDefRef)
if componentDef == nil {
- return &FastFailError{message: fmt.Sprintf("componentDef %s not found in clusterDef %s", component.ComponentDefRef, clusterDef.Name)}
+ return intctrlutil.NewFatalError(fmt.Sprintf("componentDef %s not found in clusterDef %s", component.ComponentDefRef, clusterDef.Name))
}
// create jobs
@@ -240,7 +230,7 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
ops *appsv1alpha1.OpsRequest, charType string) ([]*batchv1.Job, error) {
engineForJob, err := register.NewClusterCommands(charType)
if err != nil || engineForJob == nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
buildJob := func(endpoint string) (*batchv1.Job, error) {
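Review bot: `err.Error()` is called with a nil `err` in two places in buildDataScriptJobs, which panics instead of failing the request. Here the guard `err != nil || engineForJob == nil` reaches it when the engine is nil but no error was returned. In the later hunk at `len(pods.Items) == 0`, the branch runs only after the List call succeeded, and the previous literal `"no pods found"` was replaced by `err.Error()`. Keep the literal there, `return nil, intctrlutil.NewFatalError("no pods found")`, and split the first guard so the nil-engine case gets its own message. buildDataScriptJobs starts and ends outside both hunks.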
@@ -262,7 +252,7 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
}
// verify secrets exist
if err := cli.Get(reqCtx.Ctx, types.NamespacedName{Namespace: reqCtx.Req.Namespace, Name: secretFrom.Name}, &corev1.Secret{}); err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
envs = append(envs, corev1.EnvVar{
@@ -291,7 +281,7 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
// parse scripts
scripts, err := getScriptContent(reqCtx, cli, ops.Spec.ScriptSpec)
if err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
envs = append(envs, corev1.EnvVar{
@@ -301,7 +291,7 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
jobCmdTpl, envVars, err := engineForJob.ExecuteCommand(scripts)
if err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
if envVars != nil {
envs = append(envs, envVars...)
@@ -311,7 +301,7 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
containerImg = ops.Spec.ScriptSpec.Image
}
if len(containerImg) == 0 {
- return nil, &FastFailError{message: "image is empty"}
+ return nil, intctrlutil.NewFatalError("image is empty")
}
container := corev1.Container{
@@ -344,13 +334,13 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
// add tolerations
tolerations, err := componetutil.BuildTolerations(cluster, component)
if err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
job.Spec.Template.Spec.Tolerations = tolerations
// add owner reference
scheme, _ := appsv1alpha1.SchemeBuilder.Build()
if err := controllerutil.SetOwnerReference(ops, job, scheme); err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
return job, nil
}
@@ -362,10 +352,10 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
jobs := make([]*batchv1.Job, 0)
if ops.Spec.ScriptSpec.Selector == nil {
if endpoint, err = getTargetService(reqCtx, cli, client.ObjectKeyFromObject(cluster), component.Name); err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
if job, err = buildJob(endpoint); err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
jobs = append(jobs, job)
return jobs, nil
@@ -373,7 +363,7 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
selector, err := metav1.LabelSelectorAsSelector(ops.Spec.ScriptSpec.Selector)
if err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
pods := &corev1.PodList{}
@@ -384,15 +374,15 @@ func buildDataScriptJobs(reqCtx intctrlutil.RequestCtx, cli client.Client, clust
},
client.MatchingLabelsSelector{Selector: selector},
); err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
} else if len(pods.Items) == 0 {
- return nil, &FastFailError{message: "no pods found"}
+ return nil, intctrlutil.NewFatalError(err.Error())
}
for _, pod := range pods.Items {
endpoint = pod.Status.PodIP
if job, err = buildJob(endpoint); err != nil {
- return nil, &FastFailError{message: err.Error()}
+ return nil, intctrlutil.NewFatalError(err.Error())
} else {
jobs = append(jobs, job)
}
diff --git a/controllers/apps/operations/ops_manager.go b/controllers/apps/operations/ops_manager.go
index 7d912e870307..5dafae801b76 100644
--- a/controllers/apps/operations/ops_manager.go
+++ b/controllers/apps/operations/ops_manager.go
@@ -56,10 +56,20 @@ func (opsMgr *OpsManager) Do(reqCtx intctrlutil.RequestCtx, cli client.Client, o
return &ctrl.Result{}, PatchOpsHandlerNotSupported(reqCtx.Ctx, cli, opsRes)
}
- // validate OpsRequest.spec
- // if the operation will create a new cluster, don't validate the cluster
- if err = opsRequest.Validate(reqCtx.Ctx, cli, opsRes.Cluster, !opsBehaviour.IsClusterCreation); err != nil {
- return &ctrl.Result{}, patchValidateErrorCondition(reqCtx.Ctx, cli, opsRes, err.Error())
+ if opsRequest.Spec.Type == appsv1alpha1.CustomType {
+ triggerPhaseChange, err := initOpsDefAndValidate(reqCtx, cli, opsRes)
+ if err != nil {
+ return &ctrl.Result{}, patchValidateErrorCondition(reqCtx.Ctx, cli, opsRes, err.Error())
+ }
+ if triggerPhaseChange {
+ opsBehaviour.ToClusterPhase = appsv1alpha1.UpdatingClusterPhase
+ }
+ } else {
+ // validate OpsRequest.spec
+ // if the operation will create a new cluster, don't validate the cluster
+ if err = opsRequest.Validate(reqCtx.Ctx, cli, opsRes.Cluster, !opsBehaviour.IsClusterCreation); err != nil {
+ return &ctrl.Result{}, patchValidateErrorCondition(reqCtx.Ctx, cli, opsRes, err.Error())
+ }
}
if opsRequest.Status.Phase == appsv1alpha1.OpsPendingPhase {
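Review bot: Requests of type Custom skip `opsRequest.Validate` altogether in this branch, and `initOpsDefAndValidate` (custom.go) only checks `customSpec` for nil, loads the OpsDefinition and validates `params` against the schema. As far as the diff shows, nothing verifies that `customSpec.componentName` exists in the cluster or that the component matches the OpsDefinition's `componentDefinitionRefs`. Any cluster-state checks inside `Validate` are presumably bypassed too. Consider running the common validation first and adding the custom checks on top, or add a comment explaining why they do not apply. `Do` continues outside the hunk.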
@@ -95,10 +105,13 @@ func (opsMgr *OpsManager) Do(reqCtx intctrlutil.RequestCtx, cli client.Client, o
}
if err = opsBehaviour.OpsHandler.Action(reqCtx, cli, opsRes); err != nil {
- // patch the status.phase to Failed when the error is FastFailError, which means the operation is failed and there is no need to retry
- if _, ok := err.(*FastFailError); ok {
+ // patch the status.phase to Failed when the error is Fatal, which means the operation is failed and there is no need to retry
+ if intctrlutil.IsTargetError(err, intctrlutil.ErrorTypeFatal) {
return &ctrl.Result{}, patchFastFailErrorCondition(reqCtx.Ctx, cli, opsRes, err)
}
+ if intctrlutil.IsTargetError(err, intctrlutil.ErrorTypeNeedWaiting) {
+ return intctrlutil.ResultToP(intctrlutil.Reconciled())
+ }
return nil, err
}
return nil, nil
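Review bot: The new `ErrorTypeNeedWaiting` branch ends the reconcile with `intctrlutil.Reconciled()`, which by its name carries no requeue, so the OpsRequest is revisited only if a watched object changes. If the condition being waited for produces no event, the operation would stay in its current phase indefinitely. Either return a delayed requeue here or state the assumption next to the branch, for example `// NeedWaiting: the next reconcile is driven by the watch on the objects the handler created`. `patchFastFailErrorCondition` still carries the old FastFail name although it is now reached for any Fatal error. `Do` begins outside the hunk.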
diff --git a/controllers/apps/operations/reconfigure_util.go b/controllers/apps/operations/reconfigure_util.go
index 7f4d0c887b3f..01f3ca4d57a7 100644
--- a/controllers/apps/operations/reconfigure_util.go
+++ b/controllers/apps/operations/reconfigure_util.go
@@ -29,6 +29,7 @@ import (
appsv1alpha1 "github.com/apecloud/kubeblocks/apis/apps/v1alpha1"
"github.com/apecloud/kubeblocks/pkg/configuration/core"
+ intctrlutil "github.com/apecloud/kubeblocks/pkg/controllerutil"
)
type reconfiguringResult struct {
@@ -290,7 +291,7 @@ func processMergedFailed(resource *OpsResource, isInvalid bool, err error) error
// if failed to validate configure, set opsRequest to failed and return
failedCondition := appsv1alpha1.NewReconfigureFailedCondition(resource.OpsRequest, err)
resource.OpsRequest.SetStatusCondition(*failedCondition)
- return &FastFailError{message: err.Error()}
+ return intctrlutil.NewFatalError(err.Error())
}
func formatConfigPatchToMessage(configPatch *core.ConfigPatchInfo, execStatus *core.PolicyExecStatus) string {
diff --git a/controllers/apps/operations/type.go b/controllers/apps/operations/type.go
index d26a73d6f682..bd2797d9735e 100644
--- a/controllers/apps/operations/type.go
+++ b/controllers/apps/operations/type.go
@@ -66,6 +66,7 @@ type OpsBehaviour struct {
}
type OpsResource struct {
+ OpsDef *appsv1alpha1.OpsDefinition
OpsRequest *appsv1alpha1.OpsRequest
Cluster *appsv1alpha1.Cluster
Recorder record.EventRecorder
diff --git a/controllers/apps/opsdefinition_controller.go b/controllers/apps/opsdefinition_controller.go
new file mode 100644
index 000000000000..b0c79d30c824
--- /dev/null
+++ b/controllers/apps/opsdefinition_controller.go
@@ -0,0 +1,98 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+This file is part of KubeBlocks project
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+
+package apps
+
+import (
+ "context"
+
+ "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/client-go/tools/record"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+
+ appsv1alpha1 "github.com/apecloud/kubeblocks/apis/apps/v1alpha1"
+ intctrlutil "github.com/apecloud/kubeblocks/pkg/controllerutil"
+)
+
+// OpsDefinitionReconciler reconciles a OpsDefinition object
+type OpsDefinitionReconciler struct {
+ client.Client
+ Scheme *runtime.Scheme
+ Recorder record.EventRecorder
+}
+
+//+kubebuilder:rbac:groups=apps.kubeblocks.io,resources=opsdefinitions,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=apps.kubeblocks.io,resources=opsdefinitions/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=apps.kubeblocks.io,resources=opsdefinitions/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the OpsDefinition object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.11.0/pkg/reconcile
+func (r *OpsDefinitionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+ reqCtx := intctrlutil.RequestCtx{
+ Ctx: ctx,
+ Req: req,
+ Log: log.FromContext(ctx).WithValues("opsDefinition", req.NamespacedName),
+ }
+
+ opsDef := &appsv1alpha1.OpsDefinition{}
+ if err := r.Client.Get(reqCtx.Ctx, reqCtx.Req.NamespacedName, opsDef); err != nil {
+ return intctrlutil.CheckedRequeueWithError(err, reqCtx.Log, "")
+ }
+
+ res, err := intctrlutil.HandleCRDeletion(reqCtx, r, opsDef, opsDefinitionFinalizerName, func() (*ctrl.Result, error) {
+ return nil, nil
+ })
+ if res != nil {
+ return *res, err
+ }
+
+ if opsDef.Status.ObservedGeneration == opsDef.Generation &&
+ opsDef.Status.Phase == appsv1alpha1.AvailablePhase {
+ return intctrlutil.Reconciled()
+ }
+
+ // TODO: check job label selector.
+ // TODO: check go template of the expression.
+ // TODO: check serviceKind, connectionCredentialName and serviceName
+
+ statusPatch := client.MergeFrom(opsDef.DeepCopy())
+ opsDef.Status.ObservedGeneration = opsDef.Generation
+ opsDef.Status.Phase = appsv1alpha1.AvailablePhase
+ if err = r.Client.Status().Patch(reqCtx.Ctx, opsDef, statusPatch); err != nil {
+ return intctrlutil.CheckedRequeueWithError(err, reqCtx.Log, "")
+ }
+ intctrlutil.RecordCreatedEvent(r.Recorder, opsDef)
+ return intctrlutil.Reconciled()
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *OpsDefinitionReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&appsv1alpha1.OpsDefinition{}).
+ Complete(r)
+}
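Review bot: `Reconcile` sets `opsDef.Status.Phase = appsv1alpha1.AvailablePhase` for every OpsDefinition while the three checks above it are still TODO. Those cover the job label selector, the expression template, and serviceKind/connectionCredentialName/serviceName, so any object that passes schema validation is reported as Available even though it carries a full Job pod template. Until the checks exist, say so where the phase is set, e.g. `// NOTE: no semantic validation yet; Available only means the object has been observed`. The kubebuilder RBAC marker also grants `create` and `delete` on opsdefinitions, although the visible code only reads the object and updates its status and finalizer, so `verbs=get;list;watch;update;patch` looks sufficient. The scaffold `TODO(user)` paragraph in the doc comment can be replaced by a sentence describing what the reconciler actually does.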
diff --git a/controllers/apps/transform_utils.go b/controllers/apps/transform_utils.go
index 6e129ceac0dc..17feae974483 100644
--- a/controllers/apps/transform_utils.go
+++ b/controllers/apps/transform_utils.go
@@ -104,7 +104,7 @@ func getClusterOwningObjectsWithOptions(transCtx *clusterTransformContext,
// sendWarningEventWithError sends a warning event when occurs error.
func sendWarningEventWithError(
recorder record.EventRecorder,
- cluster *appsv1alpha1.Cluster,
+ obj client.Object,
reason string,
err error) {
// ignore requeue error
@@ -115,7 +115,7 @@ func sendWarningEventWithError(
if controllerErr != nil {
reason = string(controllerErr.Type)
}
- recorder.Event(cluster, corev1.EventTypeWarning, reason, err.Error())
+ recorder.Event(obj, corev1.EventTypeWarning, reason, err.Error())
}
func isResourceRequirementsEqual(a, b corev1.ResourceRequirements) bool {
diff --git a/controllers/apps/transformer_cluster_credential.go b/controllers/apps/transformer_cluster_credential.go
index 3f1acd9b322f..46b7722cfa8b 100644
--- a/controllers/apps/transformer_cluster_credential.go
+++ b/controllers/apps/transformer_cluster_credential.go
@@ -210,6 +210,7 @@ func buildCredentialAccountFromSecret(ctx graph.TransformContext, dag *graph.DAG
return err
}
}
+
maps.Copy(*data, secret.Data)
return nil
}
diff --git a/controllers/apps/transformer_component_account.go b/controllers/apps/transformer_component_account.go
index 813eb85b6c79..c71c81c9054b 100644
--- a/controllers/apps/transformer_component_account.go
+++ b/controllers/apps/transformer_component_account.go
@@ -32,6 +32,7 @@ import (
"github.com/apecloud/kubeblocks/pkg/constant"
"github.com/apecloud/kubeblocks/pkg/controller/builder"
"github.com/apecloud/kubeblocks/pkg/controller/component"
+ "github.com/apecloud/kubeblocks/pkg/controller/factory"
"github.com/apecloud/kubeblocks/pkg/controller/graph"
"github.com/apecloud/kubeblocks/pkg/controller/model"
)
@@ -86,19 +87,22 @@ func (t *componentAccountTransformer) checkAccountSecretExist(ctx graph.Transfor
func (t *componentAccountTransformer) buildAccountSecret(ctx graph.TransformContext,
synthesizeComp *component.SynthesizedComponent, account appsv1alpha1.SystemAccount) (*corev1.Secret, error) {
- var password []byte
+ secretData := map[string][]byte{}
if account.SecretRef != nil {
var err error
- if password, err = t.getPasswordFromSecret(ctx, account); err != nil {
+ secretData, err = t.replaceSecretData(ctx, account)
+ if err != nil {
return nil, err
}
+ secretData[constant.AccountNameForSecret] = []byte(account.Name)
} else {
- password = t.generatePassword(account)
+ secretData[constant.AccountNameForSecret] = []byte(account.Name)
+ secretData[constant.AccountPasswdForSecret] = t.generatePassword(account)
}
- return t.buildAccountSecretWithPassword(synthesizeComp, account, password), nil
+ return t.buildAccountSecretWithPassword(synthesizeComp, account, secretData), nil
}
-func (t *componentAccountTransformer) getPasswordFromSecret(ctx graph.TransformContext, account appsv1alpha1.SystemAccount) ([]byte, error) {
+func (t *componentAccountTransformer) replaceSecretData(ctx graph.TransformContext, account appsv1alpha1.SystemAccount) (map[string][]byte, error) {
secretKey := types.NamespacedName{
Namespace: account.SecretRef.Namespace,
Name: account.SecretRef.Name,
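Review bot: With `secretData, err = t.replaceSecretData(ctx, account)` every key of the referenced secret now lands in the generated account secret, where the old code copied only the password field. `SecretRef` carries its own namespace, so unrelated entries stored next to the password would be duplicated into the component's namespace and become readable by anyone who can read the account secret. If only name and password are meant to be published, copy just `constant.AccountPasswdForSecret` after substitution. If copying everything is intended, document it on `buildAccountSecret`, e.g. `// all keys of the referenced secret are copied; keep that secret limited to account data`. `replaceSecretData` continues in the next hunk, and `buildAccountSecretWithPassword` in the last hunk of this file now takes the whole map, so its name no longer describes it.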
@@ -108,9 +112,38 @@ func (t *componentAccountTransformer) getPasswordFromSecret(ctx graph.TransformC
return nil, err
}
if len(secret.Data) == 0 || len(secret.Data[constant.AccountPasswdForSecret]) == 0 {
- return nil, fmt.Errorf("referenced account secret has no required credential field")
+ return nil, fmt.Errorf(`referenced account secret has no required credential field "%s"`, constant.AccountPasswdForSecret)
+ }
+
+ replaceVarObjects := func(v *string, origValue string, varObjectsMap map[string]string) {
+ toReplace := origValue
+ for j, r := range varObjectsMap {
+ replaced := strings.ReplaceAll(toReplace, j, r)
+ if replaced == toReplace {
+ continue
+ }
+ toReplace = replaced
+ *v = replaced
+ }
}
- return secret.Data[constant.AccountPasswdForSecret], nil
+
+ // only replace the value.
+ replaceData := func(varObjectsMap map[string]string) {
+ for k, v := range secret.Data {
+ vStr := string(v)
+ if !strings.Contains(vStr, "$(") {
+ continue
+ }
+ origValue := vStr
+ replaceVarObjects(&vStr, origValue, varObjectsMap)
+ secret.Data[k] = []byte(vStr)
+ }
+ }
+
+ // TODO: compatible restore Password
+ m := factory.BuildBuiltInObjsMapForSecret(false, "")
+ replaceData(m)
+ return secret.Data, nil
}
func (t *componentAccountTransformer) generatePassword(account appsv1alpha1.SystemAccount) []byte {
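Review bot: The `replaceVarObjects`/`replaceData` closures are harder to follow than the job requires: the value is threaded through a `*string` plus a separate `origValue`, and placeholders are applied one `strings.ReplaceAll` at a time in map iteration order. That ordering means text produced by one substitution can be rescanned by a later one. A single `strings.Replacer` built from the map substitutes in one pass and never touches generated text; the result is the same as long as generated values never contain a placeholder. The missing-field error would also read better with `%q` than with hand-written quotes around `%s`. This assumes `strings` is already imported, which the import hunk does not show.

```go
// … unchanged: secret lookup and required-field check …

// Substitute built-in placeholders in values only; keys are left as they are.
// TODO: compatible restore Password
builtIns := factory.BuildBuiltInObjsMapForSecret(false, "")
pairs := make([]string, 0, 2*len(builtIns))
for placeholder, value := range builtIns {
	pairs = append(pairs, placeholder, value)
}
replacer := strings.NewReplacer(pairs...)
for k, v := range secret.Data {
	if s := string(v); strings.Contains(s, "$(") {
		secret.Data[k] = []byte(replacer.Replace(s))
	}
}
return secret.Data, nil
```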
@@ -126,14 +159,13 @@ func (t *componentAccountTransformer) generatePassword(account appsv1alpha1.Syst
}
func (t *componentAccountTransformer) buildAccountSecretWithPassword(synthesizeComp *component.SynthesizedComponent,
- account appsv1alpha1.SystemAccount, password []byte) *corev1.Secret {
+ account appsv1alpha1.SystemAccount, data map[string][]byte) *corev1.Secret {
secretName := constant.GenerateAccountSecretName(synthesizeComp.ClusterName, synthesizeComp.Name, account.Name)
labels := constant.GetComponentWellKnownLabels(synthesizeComp.ClusterName, synthesizeComp.Name)
return builder.NewSecretBuilder(synthesizeComp.Namespace, secretName).
AddLabelsInMap(labels).
AddLabels(constant.ClusterAccountLabelKey, account.Name).
- PutData(constant.AccountNameForSecret, []byte(account.Name)).
- PutData(constant.AccountPasswdForSecret, password).
+ SetData(data).
SetImmutable(true).
GetObject()
}
diff --git a/controllers/apps/transformer_component_account_provision.go b/controllers/apps/transformer_component_account_provision.go
index f96cc2be77ae..554c9c00c324 100644
--- a/controllers/apps/transformer_component_account_provision.go
+++ b/controllers/apps/transformer_component_account_provision.go
@@ -65,10 +65,15 @@ func (t *componentAccountProvisionTransformer) Transform(ctx graph.TransformCont
return nil
}
+ // TODO: support custom handler for account
+ // TODO: build lorry client if accountProvision is built-in
lorryCli, err := t.buildLorryClient(transCtx)
if err != nil {
return err
}
+ if lorryCli == nil {
+ return nil
+ }
for _, account := range transCtx.SynthesizeComponent.SystemAccounts {
if t.isAccountProvisioned(cond, account) {
continue
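Review bot: `buildLorryClient` now returns `nil, nil` when no role is found (second hunk of this file), and `Transform` treats the nil client as success. System accounts are then left unprovisioned with no log line, event or condition to show it. Whether provisioning is retried later is not visible here, since returning nil from the transformer does not itself request another pass. A `(nil, nil)` result is also easy to misuse, because a future caller that forgets the check will call methods on a nil client. At minimum record the skip where the nil is handled, e.g. `// no pod with a usable role: account provisioning is skipped for this pass (TODO: surface in the provisioning condition)`. A sentinel error that `Transform` recognises would make the contract explicit.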
@@ -164,7 +169,7 @@ func (t *componentAccountProvisionTransformer) buildLorryClient(transCtx *compon
}
}
if roleName == "" {
- return nil, fmt.Errorf("unable to find appropriate pods to create accounts")
+ return nil, nil
}
podList, err := component.GetComponentPodListWithRole(transCtx.Context, transCtx.Client, *transCtx.Cluster, synthesizedComp.Name, roleName)
diff --git a/deploy/helm/config/rbac/role.yaml b/deploy/helm/config/rbac/role.yaml
index b746a1dfeebf..54e0e79e6b2f 100644
--- a/deploy/helm/config/rbac/role.yaml
+++ b/deploy/helm/config/rbac/role.yaml
@@ -297,6 +297,32 @@ rules:
- get
- patch
- update
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - apps.kubeblocks.io
+ resources:
+ - opsdefinitions/status
+ verbs:
+ - get
+ - patch
+ - update
- apiGroups:
- apps.kubeblocks.io
resources:
diff --git a/deploy/helm/crds/apps.kubeblocks.io_componentdefinitions.yaml b/deploy/helm/crds/apps.kubeblocks.io_componentdefinitions.yaml
index 1431ba7dbb5b..8a8e19eae9ee 100644
--- a/deploy/helm/crds/apps.kubeblocks.io_componentdefinitions.yaml
+++ b/deploy/helm/crds/apps.kubeblocks.io_componentdefinitions.yaml
@@ -11653,8 +11653,14 @@ spec:
type: integer
type: object
secretRef:
- description: SecretRef specifies the secret from which data
+ description: 'SecretRef specifies the secret from which data
will be copied to create the new account. Cannot be updated.
+ And will replace the built-in objects in the secret: - `$(RANDOM_PASSWD)`
+ - random 8 characters. - `$(UUID)` - generate a random UUID
+ v4 string. - `$(UUID_B64)` - generate a random UUID v4 BASE64
+ encoded string. - `$(UUID_STR_B64)` - generate a random UUID
+ v4 string then BASE64 encoded. - `$(UUID_HEX)` - generate
+ a random UUID v4 HEX representation.'
properties:
name:
description: name refers to the name of the secret.
diff --git a/deploy/helm/crds/apps.kubeblocks.io_opsdefinitions.yaml b/deploy/helm/crds/apps.kubeblocks.io_opsdefinitions.yaml
new file mode 100644
index 000000000000..0a4a1fcb96f1
--- /dev/null
+++ b/deploy/helm/crds/apps.kubeblocks.io_opsdefinitions.yaml
@@ -0,0 +1,8507 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.12.1
+ labels:
+ app.kubernetes.io/name: kubeblocks
+ name: opsdefinitions.apps.kubeblocks.io
+spec:
+ group: apps.kubeblocks.io
+ names:
+ categories:
+ - kubeblocks
+ - all
+ kind: OpsDefinition
+ listKind: OpsDefinitionList
+ plural: opsdefinitions
+ shortNames:
+ - od
+ singular: opsdefinition
+ scope: Cluster
+ versions:
+ - additionalPrinterColumns:
+ - description: Operation status phase.
+ jsonPath: .status.phase
+ name: STATUS
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: AGE
+ type: date
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: OpsDefinition is the Schema for the opsdefinitions API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: OpsDefinitionSpec defines the desired state of OpsDefinition
+ properties:
+ componentDefinitionRefs:
+ description: componentDefinitionRefs indicates which types of componentDefinitions
+ are supported by the operation.
+ items:
+ properties:
+ connectionCredentialName:
+ description: the data of the specified connection credential
+ will be injected into env of the job. if not set, use the
+ first connection credential by default.
+ type: string
+ serviceKind:
+ description: ServiceKind defines what kind of well-known service
+ that the component provides (e.g., MySQL, Redis, ETCD, case
+ insensitive). reference componentDefinition.spec.
+ maxLength: 32
+ type: string
+ serviceName:
+ description: map the name and ports to KB_COMP_SVC_NAME and
+ KB_COMP_SVC_PORT_ in env of the job.
+ type: string
+ required:
+ - serviceKind
+ type: object
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - serviceKind
+ x-kubernetes-list-type: map
+ jobSpec:
+ description: jobSpec describes the job spec for the operation.
+ properties:
+ activeDeadlineSeconds:
+ description: Specifies the duration in seconds relative to the
+ startTime that the job may be continuously active before the
+ system tries to terminate it; value must be positive integer.
+ If a Job is suspended (at creation or through an update), this
+ timer will effectively be stopped and reset when the Job is
+ resumed again.
+ format: int64
+ type: integer
+ backoffLimit:
+ description: Specifies the number of retries before marking this
+ job failed. Defaults to 6
+ format: int32
+ type: integer
+ backoffLimitPerIndex:
+ description: Specifies the limit for the number of retries within
+ an index before marking this index as failed. When enabled the
+ number of failures per index is kept in the pod's batch.kubernetes.io/job-index-failure-count
+ annotation. It can only be set when Job's completionMode=Indexed,
+ and the Pod's restart policy is Never. The field is immutable.
+ This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (disabled by default).
+ format: int32
+ type: integer
+ completionMode:
+ description: "completionMode specifies how Pod completions are
+ tracked. It can be `NonIndexed` (default) or `Indexed`. \n `NonIndexed`
+ means that the Job is considered complete when there have been
+ .spec.completions successfully completed Pods. Each Pod completion
+ is homologous to each other. \n `Indexed` means that the Pods
+ of a Job get an associated completion index from 0 to (.spec.completions
+ - 1), available in the annotation batch.kubernetes.io/job-completion-index.
+ The Job is considered complete when there is one successfully
+ completed Pod for each index. When value is `Indexed`, .spec.completions
+ must be specified and `.spec.parallelism` must be less than
+ or equal to 10^5. In addition, The Pod name takes the form `$(job-name)-$(index)-$(random-string)`,
+ the Pod hostname takes the form `$(job-name)-$(index)`. \n More
+ completion modes can be added in the future. If the Job controller
+ observes a mode that it doesn't recognize, which is possible
+ during upgrades due to version skew, the controller skips updates
+ for the Job."
+ type: string
+ completions:
+ description: 'Specifies the desired number of successfully finished
+ pods the job should be run with. Setting to null means that
+ the success of any pod signals the success of all pods, and
+ allows parallelism to have any positive value. Setting to 1
+ means that parallelism is limited to 1 and the success of that
+ pod signals the success of the job. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ format: int32
+ type: integer
+ manualSelector:
+ description: 'manualSelector controls generation of pod labels
+ and pod selectors. Leave `manualSelector` unset unless you are
+ certain what you are doing. When false or unset, the system
+ pick labels unique to this job and appends those labels to the
+ pod template. When true, the user is responsible for picking
+ unique labels and specifying the selector. Failure to pick
+ a unique label may cause this and other jobs to not function
+ correctly. However, You may see `manualSelector=true` in jobs
+ that were created with the old `extensions/v1beta1` API. More
+ info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector'
+ type: boolean
+ maxFailedIndexes:
+ description: Specifies the maximal number of failed indexes before
+ marking the Job as failed, when backoffLimitPerIndex is set.
+ Once the number of failed indexes exceeds this number the entire
+ Job is marked as Failed and its execution is terminated. When
+ left as null the job continues execution of all of its indexes
+ and is marked with the `Complete` Job condition. It can only
+ be specified when backoffLimitPerIndex is set. It can be null
+ or up to completions. It is required and must be less than or
+ equal to 10^4 when is completions greater than 10^5. This field
+ is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (disabled by default).
+ format: int32
+ type: integer
+ parallelism:
+ description: 'Specifies the maximum desired number of pods the
+ job should run at any given time. The actual number of pods
+ running in steady state will be less than this number when ((.spec.completions
+ - .status.successful) < .spec.parallelism), i.e. when the work
+ left to do is less than max parallelism. More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ format: int32
+ type: integer
+ podFailurePolicy:
+ description: "Specifies the policy of handling failed pods. In
+ particular, it allows to specify the set of actions and conditions
+ which need to be satisfied to take the associated action. If
+ empty, the default behaviour applies - the counter of failed
+ pods, represented by the jobs's .status.failed field, is incremented
+ and it is checked against the backoffLimit. This field cannot
+ be used in combination with restartPolicy=OnFailure. \n This
+ field is beta-level. It can be used when the `JobPodFailurePolicy`
+ feature gate is enabled (enabled by default)."
+ properties:
+ rules:
+ description: A list of pod failure policy rules. The rules
+ are evaluated in order. Once a rule matches a Pod failure,
+ the remaining of the rules are ignored. When no rule matches
+ the Pod failure, the default handling applies - the counter
+ of pod failures is incremented and it is checked against
+ the backoffLimit. At most 20 elements are allowed.
+ items:
+ description: PodFailurePolicyRule describes how a pod failure
+ is handled when the requirements are met. One of onExitCodes
+ and onPodConditions, but not both, can be used in each
+ rule.
+ properties:
+ action:
+ description: "Specifies the action taken on a pod failure
+ when the requirements are satisfied. Possible values
+ are: \n - FailJob: indicates that the pod's job is
+ marked as Failed and all running pods are terminated.
+ - FailIndex: indicates that the pod's index is marked
+ as Failed and will not be restarted. This value is
+ alpha-level. It can be used when the `JobBackoffLimitPerIndex`
+ feature gate is enabled (disabled by default). - Ignore:
+ indicates that the counter towards the .backoffLimit
+ is not incremented and a replacement pod is created.
+ - Count: indicates that the pod is handled in the
+ default way - the counter towards the .backoffLimit
+ is incremented. Additional values are considered to
+ be added in the future. Clients should react to an
+ unknown action by skipping the rule."
+ type: string
+ onExitCodes:
+ description: Represents the requirement on the container
+ exit codes.
+ properties:
+ containerName:
+ description: Restricts the check for exit codes
+ to the container with the specified name. When
+ null, the rule applies to all containers. When
+ specified, it should match one the container or
+ initContainer names in the pod template.
+ type: string
+ operator:
+ description: "Represents the relationship between
+ the container exit code(s) and the specified values.
+ Containers completed with success (exit code 0)
+ are excluded from the requirement check. Possible
+ values are: \n - In: the requirement is satisfied
+ if at least one container exit code (might be
+ multiple if there are multiple containers not
+ restricted by the 'containerName' field) is in
+ the set of specified values. - NotIn: the requirement
+ is satisfied if at least one container exit code
+ (might be multiple if there are multiple containers
+ not restricted by the 'containerName' field) is
+ not in the set of specified values. Additional
+ values are considered to be added in the future.
+ Clients should react to an unknown operator by
+ assuming the requirement is not satisfied."
+ type: string
+ values:
+ description: Specifies the set of values. Each returned
+ container exit code (might be multiple in case
+ of multiple containers) is checked against this
+ set of values with respect to the operator. The
+ list of values must be ordered and must not contain
+ duplicates. Value '0' cannot be used for the In
+ operator. At least one element is required. At
+ most 255 elements are allowed.
+ items:
+ format: int32
+ type: integer
+ type: array
+ x-kubernetes-list-type: set
+ required:
+ - operator
+ - values
+ type: object
+ onPodConditions:
+ description: Represents the requirement on the pod conditions.
+ The requirement is represented as a list of pod condition
+ patterns. The requirement is satisfied if at least
+ one pattern matches an actual pod condition. At most
+ 20 elements are allowed.
+ items:
+ description: PodFailurePolicyOnPodConditionsPattern
+ describes a pattern for matching an actual pod condition
+ type.
+ properties:
+ status:
+ description: Specifies the required Pod condition
+ status. To match a pod condition it is required
+ that the specified status equals the pod condition
+ status. Defaults to True.
+ type: string
+ type:
+ description: Specifies the required Pod condition
+ type. To match a pod condition it is required
+ that specified type equals the pod condition
+ type.
+ type: string
+ required:
+ - status
+ - type
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - action
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - rules
+ type: object
+ podReplacementPolicy:
+ description: "podReplacementPolicy specifies when to create replacement
+ Pods. Possible values are: - TerminatingOrFailed means that
+ we recreate pods when they are terminating (has a metadata.deletionTimestamp)
+ or failed. - Failed means to wait until a previously created
+ Pod is fully terminated (has phase Failed or Succeeded) before
+ creating a replacement Pod. \n When using podFailurePolicy,
+ Failed is the the only allowed value. TerminatingOrFailed and
+ Failed are allowed values when podFailurePolicy is not in use.
+ This is an alpha field. Enable JobPodReplacementPolicy to be
+ able to use this field."
+ type: string
+ selector:
+ description: 'A label query over pods that should match the pod
+ count. Normally, the system sets this field for you. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector
+ that contains values, a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship
+ to a set of values. Valid operators are In, NotIn,
+ Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If
+ the operator is In or NotIn, the values array must
+ be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced
+ during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A
+ single {key,value} in the matchLabels map is equivalent
+ to an element of matchExpressions, whose key field is "key",
+ the operator is "In", and the values array contains only
+ "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ suspend:
+ description: suspend specifies whether the Job controller should
+ create Pods or not. If a Job is created with suspend set to
+ true, no Pods are created by the Job controller. If a Job is
+ suspended after creation (i.e. the flag goes from false to true),
+ the Job controller will delete all active Pods associated with
+ this Job. Users must design their workload to gracefully handle
+ this. Suspending a Job will reset the StartTime field of the
+ Job, effectively resetting the ActiveDeadlineSeconds timer too.
+ Defaults to false.
+ type: boolean
+ template:
+ description: 'Describes the pod that will be created when executing
+ a job. The only allowed template.spec.restartPolicy values are
+ "Never" or "OnFailure". More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/'
+ properties:
+ metadata:
+ description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata'
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: 'Specification of the desired behavior of the
+ pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
+ properties:
+ activeDeadlineSeconds:
+ description: Optional duration in seconds the pod may
+ be active on the node relative to StartTime before the
+ system will actively try to mark it failed and kill
+ associated containers. Value must be a positive integer.
+ format: int64
+ type: integer
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a
+ node that violates one or more of the expressions.
+ The node that is most preferred is the one with
+ the greatest sum of weights, i.e. for each node
+ that meets all of the scheduling requirements
+ (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by
+ iterating through the elements of this field
+ and adding "weight" to the sum if the node matches
+ the corresponding matchExpressions; the node(s)
+ with the highest sum are the most preferred.
+ items:
+ description: An empty preferred scheduling term
+ matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling
+ term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in
+ the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time,
+ the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this
+ field cease to be met at some point during pod
+ execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod
+ from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: A null or empty node selector
+ term matches no objects. The requirements
+ of them are ANDed. The TopologySelectorTerm
+ type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector
+ requirements by node's labels.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchFields:
+ description: A list of node selector
+ requirements by node's fields.
+ items:
+ description: A node selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: Represents a key's
+ relationship to a set of values.
+ Valid operators are In, NotIn,
+ Exists, DoesNotExist. Gt, and
+ Lt.
+ type: string
+ values:
+ description: An array of string
+ values. If the operator is In
+ or NotIn, the values array must
+ be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ If the operator is Gt or Lt,
+ the values array must have a
+ single element, which will be
+ interpreted as an integer. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone,
+ etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the affinity expressions
+ specified by this field, but it may choose a
+ node that violates one or more of the expressions.
+ The node that is most preferred is the one with
+ the greatest sum of weights, i.e. for each node
+ that meets all of the scheduling requirements
+ (resource request, requiredDuringScheduling
+ affinity expressions, etc.), compute a sum by
+ iterating through the elements of this field
+ and adding "weight" to the sum if the node has
+ pods which matches the corresponding podAffinityTerm;
+ the node(s) with the highest sum are the most
+ preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set
+ of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where
+ co-located is defined as running on
+ a node whose value of the label with
+ key topologyKey matches that of any
+ node on which any of the selected
+ pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in
+ the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the affinity requirements specified
+ by this field are not met at scheduling time,
+ the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this
+ field cease to be met at some point during pod
+ execution (e.g. due to a pod label update),
+ the system may or may not try to eventually
+ evict the pod from its node. When there are
+ multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the
+ given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity)
+ with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on
+ which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: The scheduler will prefer to schedule
+ pods to nodes that satisfy the anti-affinity
+ expressions specified by this field, but it
+ may choose a node that violates one or more
+ of the expressions. The node that is most preferred
+ is the one with the greatest sum of weights,
+ i.e. for each node that meets all of the scheduling
+ requirements (resource request, requiredDuringScheduling
+ anti-affinity expressions, etc.), compute a
+ sum by iterating through the elements of this
+ field and adding "weight" to the sum if the
+ node has pods which matches the corresponding
+ podAffinityTerm; the node(s) with the highest
+ sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: A label query over a set
+ of resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the
+ set of namespaces that the term applies
+ to. The term is applied to the union
+ of the namespaces selected by this
+ field and the ones listed in the namespaces
+ field. null selector and null or empty
+ namespaces list means "this pod's
+ namespace". An empty selector ({})
+ matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a
+ static list of namespace names that
+ the term applies to. The term is applied
+ to the union of the namespaces listed
+ in this field and the ones selected
+ by namespaceSelector. null or empty
+ namespaces list and null namespaceSelector
+ means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where
+ co-located is defined as running on
+ a node whose value of the label with
+ key topologyKey matches that of any
+ node on which any of the selected
+ pods is running. Empty topologyKey
+ is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: weight associated with matching
+ the corresponding podAffinityTerm, in
+ the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: If the anti-affinity requirements
+ specified by this field are not met at scheduling
+ time, the pod will not be scheduled onto the
+ node. If the anti-affinity requirements specified
+ by this field cease to be met at some point
+ during pod execution (e.g. due to a pod label
+ update), the system may or may not try to eventually
+ evict the pod from its node. When there are
+ multiple elements, the lists of nodes corresponding
+ to each podAffinityTerm are intersected, i.e.
+ all terms must be satisfied.
+ items:
+ description: Defines a set of pods (namely those
+ matching the labelSelector relative to the
+ given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity)
+ with, where co-located is defined as running
+ on a node whose value of the label with key
+ matches that of any node on
+ which a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: A label query over a set of
+ resources, in this case pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaceSelector:
+ description: A label query over the set
+ of namespaces that the term applies to.
+ The term is applied to the union of the
+ namespaces selected by this field and
+ the ones listed in the namespaces field.
+ null selector and null or empty namespaces
+ list means "this pod's namespace". An
+ empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values,
+ a key, and an operator that relates
+ the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to a set
+ of values. Valid operators are
+ In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array
+ of string values. If the operator
+ is In or NotIn, the values array
+ must be non-empty. If the operator
+ is Exists or DoesNotExist, the
+ values array must be empty.
+ This array is replaced during
+ a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of
+ {key,value} pairs. A single {key,value}
+ in the matchLabels map is equivalent
+ to an element of matchExpressions,
+ whose key field is "key", the operator
+ is "In", and the values array contains
+ only "value". The requirements are
+ ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: namespaces specifies a static
+ list of namespace names that the term
+ applies to. The term is applied to the
+ union of the namespaces listed in this
+ field and the ones selected by namespaceSelector.
+ null or empty namespaces list and null
+ namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ topologyKey:
+ description: This pod should be co-located
+ (affinity) or not co-located (anti-affinity)
+ with the pods matching the labelSelector
+ in the specified namespaces, where co-located
+ is defined as running on a node whose
+ value of the label with key topologyKey
+ matches that of any node on which any
+ of the selected pods is running. Empty
+ topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ type: object
+ type: object
+ automountServiceAccountToken:
+ description: AutomountServiceAccountToken indicates whether
+ a service account token should be automatically mounted.
+ type: boolean
+ containers:
+ description: List of containers belonging to the pod.
+ Containers cannot currently be added or removed. There
+ must be at least one container in a Pod. Cannot be updated.
+ items:
+ description: A single application container that you
+ want to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using
+ the container''s environment. If a variable cannot
+ be resolved, the reference in the input string
+ will be unchanged. Double $$ are reduced to a
+ single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is
+ used if this is not provided. Variable references
+ $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container and
+ any service environment variables. If a
+ variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container
+ is starting. When a key exists in multiple sources,
+ the value associated with the last source will
+ take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be
+ updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a
+ C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if :latest
+ tag is specified, or IfNotPresent otherwise. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system
+ should take in response to container lifecycle
+ events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and restarted
+ according to its restart policy. Other management
+ of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to an
+ API request or management event such as liveness/startup
+ probe failure, preemption, resource contention,
+ etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination grace
+ period (unless delayed by finalizers). Other
+ management of the container blocks until the
+ hook completes or until the termination grace
+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as
+ a DNS_LABEL. Each container in a pod must have
+ a unique name (DNS_LABEL). Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that
+ port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container
+ will be accessible from the network. Modifying
+ this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the
+ pod's IP address. This must be a valid port
+ number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the
+ host. If specified, this must be a valid
+ port number, 0 < x < 65536. If HostNetwork
+ is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an
+ IANA_SVC_NAME and unique within the pod.
+ Each named port in a pod must have a unique
+ name. Name for the port that can be referred
+ to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP,
+ TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service
+ readiness. Container will be removed from service
+ endpoints if the probe fails. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which
+ this resource resize policy applies. Supported
+ values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when
+ specified resource is resized. If not specified,
+ it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: 'Compute Resources required by this
+ container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ restartPolicy:
+ description: 'RestartPolicy defines the restart
+ behavior of individual containers in a pod. This
+ field may only be set for init containers, and
+ the only allowed value is "Always". For non-init
+ containers or when this field is not specified,
+ the restart behavior is defined by the Pod''s
+ restart policy and the container type. Setting
+ the RestartPolicy as "Always" for the init container
+ will have the following effect: this init container
+ will be continually restarted on exit until all
+ regular containers have terminated. Once all regular
+ containers have completed, all init containers
+ with restartPolicy "Always" will be shut down.
+ This lifecycle differs from normal init containers
+ and is often referred to as a "sidecar" container.
+ Although this init container still starts in the
+ init container sequence, it does not wait for
+ the container to complete before proceeding to
+ the next init container. Instead, the next init
+ container starts immediately after this init container
+ is started, or after any startupProbe has successfully
+ completed.'
+ type: string
+ securityContext:
+ description: 'SecurityContext defines the security
+ options the container should be run with. If set,
+ the fields of SecurityContext override the equivalent
+ fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will be
+ set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run
+ as Privileged 2) has CAP_SYS_ADMIN Note that
+ this field cannot be set when spec.os.name
+ is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when
+ running containers. Defaults to the default
+ set of capabilities granted by the container
+ runtime. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode.
+ Processes in privileged containers are essentially
+ equivalent to root on the host. Defaults to
+ false. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default
+ is DefaultProcMount which uses the container
+ runtime defaults for readonly paths and masked
+ paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of
+ the container process. Uses runtime default
+ if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must
+ run as a non-root user. If true, the Kubelet
+ will validate the image at runtime to ensure
+ that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset
+ or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of
+ the container process. Defaults to user specified
+ in image metadata if unspecified. May also
+ be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the container
+ runtime will allocate a random SELinux context
+ for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided
+ at both the pod & container level, the container
+ options override the pod options. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the node
+ should be used. The profile must be preconfigured
+ on the node to work. Must be a descending
+ path, relative to the kubelet's configured
+ seccomp profile location. Must be set
+ if type is "Localhost". Must NOT be set
+ for any other type.
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied. Valid
+ options are: \n Localhost - a profile
+ defined in a file on the node should be
+ used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a
+ container should be run as a 'Host Process'
+ container. All of a Pod's containers must
+ have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers).
+ In addition, if HostProcess is true then
+ HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to
+ run the entrypoint of the container process.
+ Defaults to the user specified in image
+ metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod
+ has successfully initialized. If specified, no
+ other probes are executed until this completes
+ successfully. If this probe fails, the Pod will
+ be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters
+ at the beginning of a Pod''s lifecycle, when it
+ might take a long time to load data or warm a
+ cache, than during steady-state operation. This
+ cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If
+ this is not set, reads from stdin in the container
+ will always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been opened
+ by a single attach. When stdin is true the stdin
+ stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is
+ opened on container start, is empty until the
+ first client attaches to stdin, and then remains
+ open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed
+ until the container is restarted. If this flag
+ is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to
+ which the container''s termination message will
+ be written is mounted into the container''s filesystem.
+ Message written is intended to be brief final
+ status, such as an assertion failure message.
+ Will be truncated by the node if greater than
+ 4096 bytes. The total message length across all
+ containers will be limited to 12kb. Defaults to
+ /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the container
+ status message on both success and failure. FallbackToLogsOnError
+ will use the last chunk of container log output
+ if the termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be
+ true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will be
+ mapped to.
+ type: string
+ name:
+ description: name must match the name of a
+ persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at
+ which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how
+ mounts are propagated from the host to container
+ and the other way around. When not set,
+ MountPropagationNone is used. This field
+ is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a
+ Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults
+ to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume
+ from which the container's volume should
+ be mounted. Behaves similarly to SubPath
+ but environment variable references $(VAR_NAME)
+ are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not
+ specified, the container runtime's default will
+ be used, which might be configured in the container
+ image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ dnsConfig:
+ description: Specifies the DNS parameters of a pod. Parameters
+ specified here will be merged to the generated DNS configuration
+ based on DNSPolicy.
+ properties:
+ nameservers:
+ description: A list of DNS name server IP addresses.
+ This will be appended to the base nameservers generated
+ from DNSPolicy. Duplicated nameservers will be removed.
+ items:
+ type: string
+ type: array
+ options:
+ description: A list of DNS resolver options. This
+ will be merged with the base options generated from
+ DNSPolicy. Duplicated entries will be removed. Resolution
+ options given in Options will override those that
+ appear in the base DNSPolicy.
+ items:
+ description: PodDNSConfigOption defines DNS resolver
+ options of a pod.
+ properties:
+ name:
+ description: Required.
+ type: string
+ value:
+ type: string
+ type: object
+ type: array
+ searches:
+ description: A list of DNS search domains for host-name
+ lookup. This will be appended to the base search
+ paths generated from DNSPolicy. Duplicated search
+ paths will be removed.
+ items:
+ type: string
+ type: array
+ type: object
+ dnsPolicy:
+ description: Set DNS policy for the pod. Defaults to "ClusterFirst".
+ Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst',
+ 'Default' or 'None'. DNS parameters given in DNSConfig
+ will be merged with the policy selected with DNSPolicy.
+ To have DNS options set along with hostNetwork, you
+ have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.
+ type: string
+ enableServiceLinks:
+ description: 'EnableServiceLinks indicates whether information
+ about services should be injected into pod''s environment
+ variables, matching the syntax of Docker links. Optional:
+ Defaults to true.'
+ type: boolean
+ ephemeralContainers:
+ description: List of ephemeral containers run in this
+ pod. Ephemeral containers may be run in an existing
+ pod to perform user-initiated actions such as debugging.
+ This list cannot be specified when creating a pod, and
+ it cannot be modified by updating the pod spec. In order
+ to add an ephemeral container to an existing pod, use
+ the pod's ephemeralcontainers subresource.
+ items:
+ description: "An EphemeralContainer is a temporary container
+ that you may add to an existing Pod for user-initiated
+ activities such as debugging. Ephemeral containers
+ have no resource or scheduling guarantees, and they
+ will not be restarted when they exit or when a Pod
+ is removed or restarted. The kubelet may evict a Pod
+ if an ephemeral container causes the Pod to exceed
+ its resource allocation. \n To add an ephemeral container,
+ use the ephemeralcontainers subresource of an existing
+ Pod. Ephemeral containers may not be removed or restarted."
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The image''s
+ CMD is used if this is not provided. Variable
+ references $(VAR_NAME) are expanded using the
+ container''s environment. If a variable cannot
+ be resolved, the reference in the input string
+ will be unchanged. Double $$ are reduced to a
+ single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The image''s ENTRYPOINT is used if this
+ is not provided. Variable references $(VAR_NAME)
+ are expanded using the container''s environment.
+ If a variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows for
+ escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container and
+ any service environment variables. If a
+ variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container
+ is starting. When a key exists in multiple sources,
+ the value associated with the last source will
+ take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be
+ updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a
+ C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if :latest
+ tag is specified, or IfNotPresent otherwise. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Lifecycle is not allowed for ephemeral
+ containers.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and restarted
+ according to its restart policy. Other management
+ of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to an
+ API request or management event such as liveness/startup
+ probe failure, preemption, resource contention,
+ etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination grace
+ period (unless delayed by finalizers). Other
+ management of the container blocks until the
+ hook completes or until the termination grace
+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the ephemeral container specified
+ as a DNS_LABEL. This name must be unique among
+ all containers, init containers and ephemeral
+ containers.
+ type: string
+ ports:
+ description: Ports are not allowed for ephemeral
+ containers.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the
+ pod's IP address. This must be a valid port
+ number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the
+ host. If specified, this must be a valid
+ port number, 0 < x < 65536. If HostNetwork
+ is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an
+ IANA_SVC_NAME and unique within the pod.
+ Each named port in a pod must have a unique
+ name. Name for the port that can be referred
+ to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP,
+ TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which
+ this resource resize policy applies. Supported
+ values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when
+ specified resource is resized. If not specified,
+ it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: Resources are not allowed for ephemeral
+ containers. Ephemeral containers use spare resources
+ already allocated to the pod.
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ restartPolicy:
+ description: Restart policy for the container to
+ manage the restart behavior of each container
+ within a pod. This may only be set for init containers.
+ You cannot set this field on ephemeral containers.
+ type: string
+ securityContext:
+ description: 'Optional: SecurityContext defines
+ the security options the ephemeral container should
+ be run with. If set, the fields of SecurityContext
+ override the equivalent fields of PodSecurityContext.'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will be
+ set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run
+ as Privileged 2) has CAP_SYS_ADMIN Note that
+ this field cannot be set when spec.os.name
+ is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when
+ running containers. Defaults to the default
+ set of capabilities granted by the container
+ runtime. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode.
+ Processes in privileged containers are essentially
+ equivalent to root on the host. Defaults to
+ false. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default
+ is DefaultProcMount which uses the container
+ runtime defaults for readonly paths and masked
+ paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of
+ the container process. Uses runtime default
+ if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must
+ run as a non-root user. If true, the Kubelet
+ will validate the image at runtime to ensure
+ that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset
+ or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of
+ the container process. Defaults to user specified
+ in image metadata if unspecified. May also
+ be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the container
+ runtime will allocate a random SELinux context
+ for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided
+ at both the pod & container level, the container
+ options override the pod options. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the node
+ should be used. The profile must be preconfigured
+ on the node to work. Must be a descending
+ path, relative to the kubelet's configured
+ seccomp profile location. Must be set
+ if type is "Localhost". Must NOT be set
+ for any other type.
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied. Valid
+ options are: \n Localhost - a profile
+ defined in a file on the node should be
+ used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a
+ container should be run as a 'Host Process'
+ container. All of a Pod's containers must
+ have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers).
+ In addition, if HostProcess is true then
+ HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to
+ run the entrypoint of the container process.
+ Defaults to the user specified in image
+ metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: Probes are not allowed for ephemeral
+ containers.
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If
+ this is not set, reads from stdin in the container
+ will always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been opened
+ by a single attach. When stdin is true the stdin
+ stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is
+ opened on container start, is empty until the
+ first client attaches to stdin, and then remains
+ open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed
+ until the container is restarted. If this flag
+ is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ targetContainerName:
+ description: "If set, the name of the container
+ from PodSpec that this ephemeral container targets.
+ The ephemeral container will be run in the namespaces
+ (IPC, PID, etc) of this container. If not set
+ then the ephemeral container uses the namespaces
+ configured in the Pod spec. \n The container runtime
+ must implement support for this feature. If the
+ runtime does not support namespace targeting then
+ the result of setting this field is undefined."
+ type: string
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to
+ which the container''s termination message will
+ be written is mounted into the container''s filesystem.
+ Message written is intended to be brief final
+ status, such as an assertion failure message.
+ Will be truncated by the node if greater than
+ 4096 bytes. The total message length across all
+ containers will be limited to 12kb. Defaults to
+ /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the container
+ status message on both success and failure. FallbackToLogsOnError
+ will use the last chunk of container log output
+ if the termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be
+ true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will be
+ mapped to.
+ type: string
+ name:
+ description: name must match the name of a
+ persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Subpath mounts are not allowed for
+ ephemeral containers. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at
+ which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how
+ mounts are propagated from the host to container
+ and the other way around. When not set,
+ MountPropagationNone is used. This field
+ is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a
+ Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults
+ to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume
+ from which the container's volume should
+ be mounted. Behaves similarly to SubPath
+ but environment variable references $(VAR_NAME)
+ are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not
+ specified, the container runtime's default will
+ be used, which might be configured in the container
+ image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ hostAliases:
+ description: HostAliases is an optional list of hosts
+ and IPs that will be injected into the pod's hosts file
+ if specified. This is only valid for non-hostNetwork
+ pods.
+ items:
+ description: HostAlias holds the mapping between IP
+ and hostnames that will be injected as an entry in
+ the pod's hosts file.
+ properties:
+ hostnames:
+ description: Hostnames for the above IP address.
+ items:
+ type: string
+ type: array
+ ip:
+ description: IP address of the host file entry.
+ type: string
+ type: object
+ type: array
+ hostIPC:
+ description: 'Use the host''s ipc namespace. Optional:
+ Default to false.'
+ type: boolean
+ hostNetwork:
+ description: Host networking requested for this pod. Use
+ the host's network namespace. If this option is set,
+ the ports that will be used must be specified. Default
+ to false.
+ type: boolean
+ hostPID:
+ description: 'Use the host''s pid namespace. Optional:
+ Default to false.'
+ type: boolean
+ hostUsers:
+ description: 'Use the host''s user namespace. Optional:
+ Default to true. If set to true or not present, the
+ pod will be run in the host user namespace, useful for
+ when the pod needs a feature only available to the host
+ user namespace, such as loading a kernel module with
+ CAP_SYS_MODULE. When set to false, a new userns is created
+ for the pod. Setting false is useful for mitigating
+ container breakout vulnerabilities even allowing users
+ to run their containers as root without actually having
+ root privileges on the host. This field is alpha-level
+ and is only honored by servers that enable the UserNamespacesSupport
+ feature.'
+ type: boolean
+ hostname:
+ description: Specifies the hostname of the Pod If not
+ specified, the pod's hostname will be set to a system-defined
+ value.
+ type: string
+ imagePullSecrets:
+ description: 'ImagePullSecrets is an optional list of
+ references to secrets in the same namespace to use for
+ pulling any of the images used by this PodSpec. If specified,
+ these secrets will be passed to individual puller implementations
+ for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod'
+ items:
+ description: LocalObjectReference contains enough information
+ to let you locate the referenced object inside the
+ same namespace.
+ properties:
+ name:
+ description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion, kind,
+ uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ initContainers:
+ description: 'List of initialization containers belonging
+ to the pod. Init containers are executed in order prior
+ to containers being started. If any init container fails,
+ the pod is considered to have failed and is handled
+ according to its restartPolicy. The name for an init
+ container or normal container must be unique among all
+ containers. Init containers may not have Lifecycle actions,
+ Readiness probes, Liveness probes, or Startup probes.
+ The resourceRequirements of an init container are taken
+ into account during scheduling by finding the highest
+ request/limit for each resource type, and then using
+ the max of of that value or the sum of the normal containers.
+ Limits are applied to init containers in a similar fashion.
+ Init containers cannot currently be added or removed.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/'
+ items:
+ description: A single application container that you
+ want to run within a pod.
+ properties:
+ args:
+ description: 'Arguments to the entrypoint. The container
+ image''s CMD is used if this is not provided.
+ Variable references $(VAR_NAME) are expanded using
+ the container''s environment. If a variable cannot
+ be resolved, the reference in the input string
+ will be unchanged. Double $$ are reduced to a
+ single $, which allows for escaping the $(VAR_NAME)
+ syntax: i.e. "$$(VAR_NAME)" will produce the string
+ literal "$(VAR_NAME)". Escaped references will
+ never be expanded, regardless of whether the variable
+ exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ command:
+ description: 'Entrypoint array. Not executed within
+ a shell. The container image''s ENTRYPOINT is
+ used if this is not provided. Variable references
+ $(VAR_NAME) are expanded using the container''s
+ environment. If a variable cannot be resolved,
+ the reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless
+ of whether the variable exists or not. Cannot
+ be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell'
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container. Cannot be updated.
+ items:
+ description: EnvVar represents an environment
+ variable present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME)
+ are expanded using the previously defined
+ environment variables in the container and
+ any service environment variables. If a
+ variable cannot be resolved, the reference
+ in the input string will be unchanged. Double
+ $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal
+ "$(VAR_NAME)". Escaped references will never
+ be expanded, regardless of whether the variable
+ exists or not. Defaults to "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod:
+ supports metadata.name, metadata.namespace,
+ `metadata.labels['''']`, `metadata.annotations['''']`,
+ spec.nodeName, spec.serviceAccountName,
+ status.hostIP, status.podIP, status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret
+ in the pod's namespace
+ properties:
+ key:
+ description: The key of the secret
+ to select from. Must be a valid
+ secret key.
+ type: string
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ envFrom:
+ description: List of sources to populate environment
+ variables in the container. The keys defined within
+ a source must be a C_IDENTIFIER. All invalid keys
+ will be reported as an event when the container
+ is starting. When a key exists in multiple sources,
+ the value associated with the last source will
+ take precedence. Values defined by an Env with
+ a duplicate key will take precedence. Cannot be
+ updated.
+ items:
+ description: EnvFromSource represents the source
+ of a set of ConfigMaps
+ properties:
+ configMapRef:
+ description: The ConfigMap to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ prefix:
+ description: An optional identifier to prepend
+ to each key in the ConfigMap. Must be a
+ C_IDENTIFIER.
+ type: string
+ secretRef:
+ description: The Secret to select from
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret
+ must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: array
+ image:
+ description: 'Container image name. More info: https://kubernetes.io/docs/concepts/containers/images
+ This field is optional to allow higher level config
+ management to default or override container images
+ in workload controllers like Deployments and StatefulSets.'
+ type: string
+ imagePullPolicy:
+ description: 'Image pull policy. One of Always,
+ Never, IfNotPresent. Defaults to Always if :latest
+ tag is specified, or IfNotPresent otherwise. Cannot
+ be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images'
+ type: string
+ lifecycle:
+ description: Actions that the management system
+ should take in response to container lifecycle
+ events. Cannot be updated.
+ properties:
+ postStart:
+ description: 'PostStart is called immediately
+ after a container is created. If the handler
+ fails, the container is terminated and restarted
+ according to its restart policy. Other management
+ of the container blocks until the hook completes.
+ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ preStop:
+ description: 'PreStop is called immediately
+ before a container is terminated due to an
+ API request or management event such as liveness/startup
+ probe failure, preemption, resource contention,
+ etc. The handler is not called if the container
+ crashes or exits. The Pod''s termination grace
+ period countdown begins before the PreStop
+ hook is executed. Regardless of the outcome
+ of the handler, the container will eventually
+ terminate within the Pod''s termination grace
+ period (unless delayed by finalizers). Other
+ management of the container blocks until the
+ hook completes or until the termination grace
+ period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks'
+ properties:
+ exec:
+ description: Exec specifies the action to
+ take.
+ properties:
+ command:
+ description: Command is the command
+ line to execute inside the container,
+ the working directory for the command is
+ root ('/') in the container's filesystem.
+ The command is simply exec'd, it is
+ not run inside a shell, so traditional
+ shell instructions ('|', etc) won't
+ work. To use a shell, you need to
+ explicitly call out to that shell.
+ Exit status of 0 is treated as live/healthy
+ and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http
+ request to perform.
+ properties:
+ host:
+ description: Host name to connect to,
+ defaults to the pod IP. You probably
+ want to set "Host" in httpHeaders
+ instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in
+ the request. HTTP allows repeated
+ headers.
+ items:
+ description: HTTPHeader describes
+ a custom header to be used in HTTP
+ probes
+ properties:
+ name:
+ description: The header field
+ name. This will be canonicalized
+ upon output, so case-variant
+ names will be understood as
+ the same header.
+ type: string
+ value:
+ description: The header field
+ value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ tcpSocket:
+ description: Deprecated. TCPSocket is NOT
+ supported as a LifecycleHandler and kept
+ for the backward compatibility. There
+ are no validation of this field and lifecycle
+ hooks will fail in runtime when tcp handler
+ is specified.
+ properties:
+ host:
+ description: 'Optional: Host name to
+ connect to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number
+ must be in the range 1 to 65535. Name
+ must be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ description: 'Periodic probe of container liveness.
+ Container will be restarted if the probe fails.
+ Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ name:
+ description: Name of the container specified as
+ a DNS_LABEL. Each container in a pod must have
+ a unique name (DNS_LABEL). Cannot be updated.
+ type: string
+ ports:
+ description: List of ports to expose from the container.
+ Not specifying a port here DOES NOT prevent that
+ port from being exposed. Any port which is listening
+ on the default "0.0.0.0" address inside a container
+ will be accessible from the network. Modifying
+ this array with strategic merge patch may corrupt
+ the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255.
+ Cannot be updated.
+ items:
+ description: ContainerPort represents a network
+ port in a single container.
+ properties:
+ containerPort:
+ description: Number of port to expose on the
+ pod's IP address. This must be a valid port
+ number, 0 < x < 65536.
+ format: int32
+ type: integer
+ hostIP:
+ description: What host IP to bind the external
+ port to.
+ type: string
+ hostPort:
+ description: Number of port to expose on the
+ host. If specified, this must be a valid
+ port number, 0 < x < 65536. If HostNetwork
+ is specified, this must match ContainerPort.
+ Most containers do not need this.
+ format: int32
+ type: integer
+ name:
+ description: If specified, this must be an
+ IANA_SVC_NAME and unique within the pod.
+ Each named port in a pod must have a unique
+ name. Name for the port that can be referred
+ to by services.
+ type: string
+ protocol:
+ default: TCP
+ description: Protocol for port. Must be UDP,
+ TCP, or SCTP. Defaults to "TCP".
+ type: string
+ required:
+ - containerPort
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - containerPort
+ - protocol
+ x-kubernetes-list-type: map
+ readinessProbe:
+ description: 'Periodic probe of container service
+ readiness. Container will be removed from service
+ endpoints if the probe fails. Cannot be updated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ resizePolicy:
+ description: Resources resize policy for the container.
+ items:
+ description: ContainerResizePolicy represents
+ resource resize policy for the container.
+ properties:
+ resourceName:
+ description: 'Name of the resource to which
+ this resource resize policy applies. Supported
+ values: cpu, memory.'
+ type: string
+ restartPolicy:
+ description: Restart policy to apply when
+ specified resource is resized. If not specified,
+ it defaults to NotRequired.
+ type: string
+ required:
+ - resourceName
+ - restartPolicy
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ resources:
+ description: 'Compute Resources required by this
+ container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ properties:
+ claims:
+ description: "Claims lists the names of resources,
+ defined in spec.resourceClaims, that are used
+ by this container. \n This is an alpha field
+ and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable.
+ It can only be set for containers."
+ items:
+ description: ResourceClaim references one
+ entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match the name
+ of one entry in pod.spec.resourceClaims
+ of the Pod where this field is used.
+ It makes that resource available inside
+ a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the maximum amount
+ of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes the minimum
+ amount of compute resources required. If Requests
+ is omitted for a container, it defaults to
+ Limits if that is explicitly specified, otherwise
+ to an implementation-defined value. Requests
+ cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ restartPolicy:
+ description: 'RestartPolicy defines the restart
+ behavior of individual containers in a pod. This
+ field may only be set for init containers, and
+ the only allowed value is "Always". For non-init
+ containers or when this field is not specified,
+ the restart behavior is defined by the Pod''s
+ restart policy and the container type. Setting
+ the RestartPolicy as "Always" for the init container
+ will have the following effect: this init container
+ will be continually restarted on exit until all
+ regular containers have terminated. Once all regular
+ containers have completed, all init containers
+ with restartPolicy "Always" will be shut down.
+ This lifecycle differs from normal init containers
+ and is often referred to as a "sidecar" container.
+ Although this init container still starts in the
+ init container sequence, it does not wait for
+ the container to complete before proceeding to
+ the next init container. Instead, the next init
+ container starts immediately after this init container
+ is started, or after any startupProbe has successfully
+ completed.'
+ type: string
+ securityContext:
+ description: 'SecurityContext defines the security
+ options the container should be run with. If set,
+ the fields of SecurityContext override the equivalent
+ fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/'
+ properties:
+ allowPrivilegeEscalation:
+ description: 'AllowPrivilegeEscalation controls
+ whether a process can gain more privileges
+ than its parent process. This bool directly
+ controls if the no_new_privs flag will be
+ set on the container process. AllowPrivilegeEscalation
+ is true always when the container is: 1) run
+ as Privileged 2) has CAP_SYS_ADMIN Note that
+ this field cannot be set when spec.os.name
+ is windows.'
+ type: boolean
+ capabilities:
+ description: The capabilities to add/drop when
+ running containers. Defaults to the default
+ set of capabilities granted by the container
+ runtime. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ add:
+ description: Added capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ drop:
+ description: Removed capabilities
+ items:
+ description: Capability represent POSIX
+ capabilities type
+ type: string
+ type: array
+ type: object
+ privileged:
+ description: Run container in privileged mode.
+ Processes in privileged containers are essentially
+ equivalent to root on the host. Defaults to
+ false. Note that this field cannot be set
+ when spec.os.name is windows.
+ type: boolean
+ procMount:
+ description: procMount denotes the type of proc
+ mount to use for the containers. The default
+ is DefaultProcMount which uses the container
+ runtime defaults for readonly paths and masked
+ paths. This requires the ProcMountType feature
+ flag to be enabled. Note that this field cannot
+ be set when spec.os.name is windows.
+ type: string
+ readOnlyRootFilesystem:
+ description: Whether this container has a read-only
+ root filesystem. Default is false. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ type: boolean
+ runAsGroup:
+ description: The GID to run the entrypoint of
+ the container process. Uses runtime default
+ if unset. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must
+ run as a non-root user. If true, the Kubelet
+ will validate the image at runtime to ensure
+ that it does not run as UID 0 (root) and fail
+ to start the container if it does. If unset
+ or false, no such validation will be performed.
+ May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of
+ the container process. Defaults to user specified
+ in image metadata if unspecified. May also
+ be set in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the
+ value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied
+ to the container. If unspecified, the container
+ runtime will allocate a random SELinux context
+ for each container. May also be set in PodSecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label
+ that applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label
+ that applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label
+ that applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label
+ that applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by this
+ container. If seccomp options are provided
+ at both the pod & container level, the container
+ options override the pod options. Note that
+ this field cannot be set when spec.os.name
+ is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates
+ a profile defined in a file on the node
+ should be used. The profile must be preconfigured
+ on the node to work. Must be a descending
+ path, relative to the kubelet's configured
+ seccomp profile location. Must be set
+ if type is "Localhost". Must NOT be set
+ for any other type.
+ type: string
+ type:
+ description: "type indicates which kind
+ of seccomp profile will be applied. Valid
+ options are: \n Localhost - a profile
+ defined in a file on the node should be
+ used. RuntimeDefault - the container runtime
+ default profile should be used. Unconfined
+ - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options
+ from the PodSecurityContext will be used.
+ If set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence. Note that this field cannot be
+ set when spec.os.name is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where
+ the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName
+ field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the
+ name of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a
+ container should be run as a 'Host Process'
+ container. All of a Pod's containers must
+ have the same effective HostProcess value
+ (it is not allowed to have a mix of HostProcess
+ containers and non-HostProcess containers).
+ In addition, if HostProcess is true then
+ HostNetwork must also be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to
+ run the entrypoint of the container process.
+ Defaults to the user specified in image
+ metadata if unspecified. May also be set
+ in PodSecurityContext. If set in both
+ SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext
+ takes precedence.
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ description: 'StartupProbe indicates that the Pod
+ has successfully initialized. If specified, no
+ other probes are executed until this completes
+ successfully. If this probe fails, the Pod will
+ be restarted, just as if the livenessProbe failed.
+ This can be used to provide different probe parameters
+ at the beginning of a Pod''s lifecycle, when it
+ might take a long time to load data or warm a
+ cache, than during steady-state operation. This
+ cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ properties:
+ exec:
+ description: Exec specifies the action to take.
+ properties:
+ command:
+ description: Command is the command line
+ to execute inside the container, the working
+ directory for the command is root ('/')
+ in the container's filesystem. The command
+ is simply exec'd, it is not run inside
+ a shell, so traditional shell instructions
+ ('|', etc) won't work. To use a shell,
+ you need to explicitly call out to that
+ shell. Exit status of 0 is treated as
+ live/healthy and non-zero is unhealthy.
+ items:
+ type: string
+ type: array
+ type: object
+ failureThreshold:
+ description: Minimum consecutive failures for
+ the probe to be considered failed after having
+ succeeded. Defaults to 3. Minimum value is
+ 1.
+ format: int32
+ type: integer
+ grpc:
+ description: GRPC specifies an action involving
+ a GRPC port.
+ properties:
+ port:
+ description: Port number of the gRPC service.
+ Number must be in the range 1 to 65535.
+ format: int32
+ type: integer
+ service:
+ description: "Service is the name of the
+ service to place in the gRPC HealthCheckRequest
+ (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
+ \n If this is not specified, the default
+ behavior is defined by gRPC."
+ type: string
+ required:
+ - port
+ type: object
+ httpGet:
+ description: HTTPGet specifies the http request
+ to perform.
+ properties:
+ host:
+ description: Host name to connect to, defaults
+ to the pod IP. You probably want to set
+ "Host" in httpHeaders instead.
+ type: string
+ httpHeaders:
+ description: Custom headers to set in the
+ request. HTTP allows repeated headers.
+ items:
+ description: HTTPHeader describes a custom
+ header to be used in HTTP probes
+ properties:
+ name:
+ description: The header field name.
+ This will be canonicalized upon
+ output, so case-variant names will
+ be understood as the same header.
+ type: string
+ value:
+ description: The header field value
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ path:
+ description: Path to access on the HTTP
+ server.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Name or number of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ scheme:
+ description: Scheme to use for connecting
+ to the host. Defaults to HTTP.
+ type: string
+ required:
+ - port
+ type: object
+ initialDelaySeconds:
+ description: 'Number of seconds after the container
+ has started before liveness probes are initiated.
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ periodSeconds:
+ description: How often (in seconds) to perform
+ the probe. Default to 10 seconds. Minimum
+ value is 1.
+ format: int32
+ type: integer
+ successThreshold:
+ description: Minimum consecutive successes for
+ the probe to be considered successful after
+ having failed. Defaults to 1. Must be 1 for
+ liveness and startup. Minimum value is 1.
+ format: int32
+ type: integer
+ tcpSocket:
+ description: TCPSocket specifies an action involving
+ a TCP port.
+ properties:
+ host:
+ description: 'Optional: Host name to connect
+ to, defaults to the pod IP.'
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Number or name of the port
+ to access on the container. Number must
+ be in the range 1 to 65535. Name must
+ be an IANA_SVC_NAME.
+ x-kubernetes-int-or-string: true
+ required:
+ - port
+ type: object
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the
+ pod needs to terminate gracefully upon probe
+ failure. The grace period is the duration
+ in seconds after the processes running in
+ the pod are sent a termination signal and
+ the time when the processes are forcibly halted
+ with a kill signal. Set this value longer
+ than the expected cleanup time for your process.
+ If this value is nil, the pod's terminationGracePeriodSeconds
+ will be used. Otherwise, this value overrides
+ the value provided by the pod spec. Value
+ must be non-negative integer. The value zero
+ indicates stop immediately via the kill signal
+ (no opportunity to shut down). This is a beta
+ field and requires enabling ProbeTerminationGracePeriod
+ feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds
+ is used if unset.
+ format: int64
+ type: integer
+ timeoutSeconds:
+ description: 'Number of seconds after which
+ the probe times out. Defaults to 1 second.
+ Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
+ format: int32
+ type: integer
+ type: object
+ stdin:
+ description: Whether this container should allocate
+ a buffer for stdin in the container runtime. If
+ this is not set, reads from stdin in the container
+ will always result in EOF. Default is false.
+ type: boolean
+ stdinOnce:
+ description: Whether the container runtime should
+ close the stdin channel after it has been opened
+ by a single attach. When stdin is true the stdin
+ stream will remain open across multiple attach
+ sessions. If stdinOnce is set to true, stdin is
+ opened on container start, is empty until the
+ first client attaches to stdin, and then remains
+ open and accepts data until the client disconnects,
+ at which time stdin is closed and remains closed
+ until the container is restarted. If this flag
+ is false, a container processes that reads from
+ stdin will never receive an EOF. Default is false
+ type: boolean
+ terminationMessagePath:
+ description: 'Optional: Path at which the file to
+ which the container''s termination message will
+ be written is mounted into the container''s filesystem.
+ Message written is intended to be brief final
+ status, such as an assertion failure message.
+ Will be truncated by the node if greater than
+ 4096 bytes. The total message length across all
+ containers will be limited to 12kb. Defaults to
+ /dev/termination-log. Cannot be updated.'
+ type: string
+ terminationMessagePolicy:
+ description: Indicate how the termination message
+ should be populated. File will use the contents
+ of terminationMessagePath to populate the container
+ status message on both success and failure. FallbackToLogsOnError
+ will use the last chunk of container log output
+ if the termination message file is empty and the
+ container exited with an error. The log output
+ is limited to 2048 bytes or 80 lines, whichever
+ is smaller. Defaults to File. Cannot be updated.
+ type: string
+ tty:
+ description: Whether this container should allocate
+ a TTY for itself, also requires 'stdin' to be
+ true. Default is false.
+ type: boolean
+ volumeDevices:
+ description: volumeDevices is the list of block
+ devices to be used by the container.
+ items:
+ description: volumeDevice describes a mapping
+ of a raw block device within a container.
+ properties:
+ devicePath:
+ description: devicePath is the path inside
+ of the container that the device will be
+ mapped to.
+ type: string
+ name:
+ description: name must match the name of a
+ persistentVolumeClaim in the pod
+ type: string
+ required:
+ - devicePath
+ - name
+ type: object
+ type: array
+ volumeMounts:
+ description: Pod volumes to mount into the container's
+ filesystem. Cannot be updated.
+ items:
+ description: VolumeMount describes a mounting
+ of a Volume within a container.
+ properties:
+ mountPath:
+ description: Path within the container at
+ which the volume should be mounted. Must
+ not contain ':'.
+ type: string
+ mountPropagation:
+ description: mountPropagation determines how
+ mounts are propagated from the host to container
+ and the other way around. When not set,
+ MountPropagationNone is used. This field
+ is beta in 1.10.
+ type: string
+ name:
+ description: This must match the Name of a
+ Volume.
+ type: string
+ readOnly:
+ description: Mounted read-only if true, read-write
+ otherwise (false or unspecified). Defaults
+ to false.
+ type: boolean
+ subPath:
+ description: Path within the volume from which
+ the container's volume should be mounted.
+ Defaults to "" (volume's root).
+ type: string
+ subPathExpr:
+ description: Expanded path within the volume
+ from which the container's volume should
+ be mounted. Behaves similarly to SubPath
+ but environment variable references $(VAR_NAME)
+ are expanded using the container's environment.
+ Defaults to "" (volume's root). SubPathExpr
+ and SubPath are mutually exclusive.
+ type: string
+ required:
+ - mountPath
+ - name
+ type: object
+ type: array
+ workingDir:
+ description: Container's working directory. If not
+ specified, the container runtime's default will
+ be used, which might be configured in the container
+ image. Cannot be updated.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ nodeName:
+ description: NodeName is a request to schedule this pod
+ onto a specific node. If it is non-empty, the scheduler
+ simply schedules this pod onto that node, assuming that
+ it fits resource requirements.
+ type: string
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: 'NodeSelector is a selector which must be
+ true for the pod to fit on a node. Selector which must
+ match a node''s labels for the pod to be scheduled on
+ that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/'
+ type: object
+ x-kubernetes-map-type: atomic
+ os:
+ description: "Specifies the OS of the containers in the
+ pod. Some pod and container fields are restricted if
+ this is set. \n If the OS field is set to linux, the
+ following fields must be unset: -securityContext.windowsOptions
+ \n If the OS field is set to windows, following fields
+ must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers
+ - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile
+ - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy
+ - spec.securityContext.sysctls - spec.shareProcessNamespace
+ - spec.securityContext.runAsUser - spec.securityContext.runAsGroup
+ - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions
+ - spec.containers[*].securityContext.seccompProfile
+ - spec.containers[*].securityContext.capabilities -
+ spec.containers[*].securityContext.readOnlyRootFilesystem
+ - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation
+ - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser
+ - spec.containers[*].securityContext.runAsGroup"
+ properties:
+ name:
+ description: 'Name is the name of the operating system.
+ The currently supported values are linux and windows.
+ Additional value may be defined in future and can
+ be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration
+ Clients should expect to handle additional values
+ and treat unrecognized values in this field as os:
+ null'
+ type: string
+ required:
+ - name
+ type: object
+ overhead:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Overhead represents the resource overhead
+ associated with running a pod for a given RuntimeClass.
+ This field will be autopopulated at admission time by
+ the RuntimeClass admission controller. If the RuntimeClass
+ admission controller is enabled, overhead must not be
+ set in Pod create requests. The RuntimeClass admission
+ controller will reject Pod create requests which have
+ the overhead already set. If RuntimeClass is configured
+ and selected in the PodSpec, Overhead will be set to
+ the value defined in the corresponding RuntimeClass,
+ otherwise it will remain unset and treated as zero.
+ More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md'
+ type: object
+ preemptionPolicy:
+ description: PreemptionPolicy is the Policy for preempting
+ pods with lower priority. One of Never, PreemptLowerPriority.
+ Defaults to PreemptLowerPriority if unset.
+ type: string
+ priority:
+ description: The priority value. Various system components
+ use this field to find the priority of the pod. When
+ Priority Admission Controller is enabled, it prevents
+ users from setting this field. The admission controller
+ populates this field from PriorityClassName. The higher
+ the value, the higher the priority.
+ format: int32
+ type: integer
+ priorityClassName:
+ description: If specified, indicates the pod's priority.
+ "system-node-critical" and "system-cluster-critical"
+ are two special keywords which indicate the highest
+ priorities with the former being the highest priority.
+ Any other name must be defined by creating a PriorityClass
+ object with that name. If not specified, the pod priority
+ will be default or zero if there is no default.
+ type: string
+ readinessGates:
+ description: 'If specified, all readiness gates will be
+ evaluated for pod readiness. A pod is ready when all
+ its containers are ready AND all conditions specified
+ in the readiness gates have status equal to "True" More
+ info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates'
+ items:
+ description: PodReadinessGate contains the reference
+ to a pod condition
+ properties:
+ conditionType:
+ description: ConditionType refers to a condition
+ in the pod's condition list with matching type.
+ type: string
+ required:
+ - conditionType
+ type: object
+ type: array
+ resourceClaims:
+ description: "ResourceClaims defines which ResourceClaims
+ must be allocated and reserved before the Pod is allowed
+ to start. The resources will be made available to those
+ containers which consume them by name. \n This is an
+ alpha field and requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is immutable."
+ items:
+ description: PodResourceClaim references exactly one
+ ResourceClaim through a ClaimSource. It adds a name
+ to it that uniquely identifies the ResourceClaim inside
+ the Pod. Containers that need access to the ResourceClaim
+ reference it with this name.
+ properties:
+ name:
+ description: Name uniquely identifies this resource
+ claim inside the pod. This must be a DNS_LABEL.
+ type: string
+ source:
+ description: Source describes where to find the
+ ResourceClaim.
+ properties:
+ resourceClaimName:
+ description: ResourceClaimName is the name of
+ a ResourceClaim object in the same namespace
+ as this pod.
+ type: string
+ resourceClaimTemplateName:
+ description: "ResourceClaimTemplateName is the
+ name of a ResourceClaimTemplate object in
+ the same namespace as this pod. \n The template
+ will be used to create a new ResourceClaim,
+ which will be bound to this pod. When this
+ pod is deleted, the ResourceClaim will also
+ be deleted. The pod name and resource name,
+ along with a generated component, will be
+ used to form a unique name for the ResourceClaim,
+ which will be recorded in pod.status.resourceClaimStatuses.
+ \n This field is immutable and no changes
+ will be made to the corresponding ResourceClaim
+ by the control plane after creating the ResourceClaim."
+ type: string
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ restartPolicy:
+ description: 'Restart policy for all containers within
+ the pod. One of Always, OnFailure, Never. In some contexts,
+ only a subset of those values may be permitted. Default
+ to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy'
+ type: string
+ runtimeClassName:
+ description: 'RuntimeClassName refers to a RuntimeClass
+ object in the node.k8s.io group, which should be used
+ to run this pod. If no RuntimeClass resource matches
+ the named class, the pod will not be run. If unset or
+ empty, the "legacy" RuntimeClass will be used, which
+ is an implicit class with an empty definition that uses
+ the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class'
+ type: string
+ schedulerName:
+ description: If specified, the pod will be dispatched
+ by specified scheduler. If not specified, the pod will
+ be dispatched by default scheduler.
+ type: string
+ schedulingGates:
+ description: "SchedulingGates is an opaque list of values
+ that if specified will block scheduling the pod. If
+ schedulingGates is not empty, the pod will stay in the
+ SchedulingGated state and the scheduler will not attempt
+ to schedule the pod. \n SchedulingGates can only be
+ set at pod creation time, and be removed only afterwards.
+ \n This is a beta feature enabled by the PodSchedulingReadiness
+ feature gate."
+ items:
+ description: PodSchedulingGate is associated to a Pod
+ to guard its scheduling.
+ properties:
+ name:
+ description: Name of the scheduling gate. Each scheduling
+ gate must have a unique name field.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ securityContext:
+ description: 'SecurityContext holds pod-level security
+ attributes and common container settings. Optional:
+ Defaults to empty. See type description for default
+ values of each field.'
+ properties:
+ fsGroup:
+ description: "A special supplemental group that applies
+ to all containers in a pod. Some volume types allow
+ the Kubelet to change the ownership of that volume
+ to be owned by the pod: \n 1. The owning GID will
+ be the FSGroup 2. The setgid bit is set (new files
+ created in the volume will be owned by FSGroup)
+ 3. The permission bits are OR'd with rw-rw---- \n
+ If unset, the Kubelet will not modify the ownership
+ and permissions of any volume. Note that this field
+ cannot be set when spec.os.name is windows."
+ format: int64
+ type: integer
+ fsGroupChangePolicy:
+ description: 'fsGroupChangePolicy defines behavior
+ of changing ownership and permission of the volume
+ before being exposed inside Pod. This field will
+ only apply to volume types which support fsGroup
+ based ownership(and permissions). It will have no
+ effect on ephemeral volume types such as: secret,
+ configmaps and emptydir. Valid values are "OnRootMismatch"
+ and "Always". If not specified, "Always" is used.
+ Note that this field cannot be set when spec.os.name
+ is windows.'
+ type: string
+ runAsGroup:
+ description: The GID to run the entrypoint of the
+ container process. Uses runtime default if unset.
+ May also be set in SecurityContext. If set in both
+ SecurityContext and PodSecurityContext, the value
+ specified in SecurityContext takes precedence for
+ that container. Note that this field cannot be set
+ when spec.os.name is windows.
+ format: int64
+ type: integer
+ runAsNonRoot:
+ description: Indicates that the container must run
+ as a non-root user. If true, the Kubelet will validate
+ the image at runtime to ensure that it does not
+ run as UID 0 (root) and fail to start the container
+ if it does. If unset or false, no such validation
+ will be performed. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ type: boolean
+ runAsUser:
+ description: The UID to run the entrypoint of the
+ container process. Defaults to user specified in
+ image metadata if unspecified. May also be set in
+ SecurityContext. If set in both SecurityContext
+ and PodSecurityContext, the value specified in SecurityContext
+ takes precedence for that container. Note that this
+ field cannot be set when spec.os.name is windows.
+ format: int64
+ type: integer
+ seLinuxOptions:
+ description: The SELinux context to be applied to
+ all containers. If unspecified, the container runtime
+ will allocate a random SELinux context for each
+ container. May also be set in SecurityContext. If
+ set in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence
+ for that container. Note that this field cannot
+ be set when spec.os.name is windows.
+ properties:
+ level:
+ description: Level is SELinux level label that
+ applies to the container.
+ type: string
+ role:
+ description: Role is a SELinux role label that
+ applies to the container.
+ type: string
+ type:
+ description: Type is a SELinux type label that
+ applies to the container.
+ type: string
+ user:
+ description: User is a SELinux user label that
+ applies to the container.
+ type: string
+ type: object
+ seccompProfile:
+ description: The seccomp options to use by the containers
+ in this pod. Note that this field cannot be set
+ when spec.os.name is windows.
+ properties:
+ localhostProfile:
+ description: localhostProfile indicates a profile
+ defined in a file on the node should be used.
+ The profile must be preconfigured on the node
+ to work. Must be a descending path, relative
+ to the kubelet's configured seccomp profile
+ location. Must be set if type is "Localhost".
+ Must NOT be set for any other type.
+ type: string
+ type:
+ description: "type indicates which kind of seccomp
+ profile will be applied. Valid options are:
+ \n Localhost - a profile defined in a file on
+ the node should be used. RuntimeDefault - the
+ container runtime default profile should be
+ used. Unconfined - no profile should be applied."
+ type: string
+ required:
+ - type
+ type: object
+ supplementalGroups:
+ description: A list of groups applied to the first
+ process run in each container, in addition to the
+ container's primary GID, the fsGroup (if specified),
+ and group memberships defined in the container image
+ for the uid of the container process. If unspecified,
+ no additional groups are added to any container.
+ Note that group memberships defined in the container
+ image for the uid of the container process are still
+ effective, even if they are not included in this
+ list. Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ format: int64
+ type: integer
+ type: array
+ sysctls:
+ description: Sysctls hold a list of namespaced sysctls
+ used for the pod. Pods with unsupported sysctls
+ (by the container runtime) might fail to launch.
+ Note that this field cannot be set when spec.os.name
+ is windows.
+ items:
+ description: Sysctl defines a kernel parameter to
+ be set
+ properties:
+ name:
+ description: Name of a property to set
+ type: string
+ value:
+ description: Value of a property to set
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ type: array
+ windowsOptions:
+ description: The Windows specific settings applied
+ to all containers. If unspecified, the options within
+ a container's SecurityContext will be used. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes precedence.
+ Note that this field cannot be set when spec.os.name
+ is linux.
+ properties:
+ gmsaCredentialSpec:
+ description: GMSACredentialSpec is where the GMSA
+ admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
+ inlines the contents of the GMSA credential
+ spec named by the GMSACredentialSpecName field.
+ type: string
+ gmsaCredentialSpecName:
+ description: GMSACredentialSpecName is the name
+ of the GMSA credential spec to use.
+ type: string
+ hostProcess:
+ description: HostProcess determines if a container
+ should be run as a 'Host Process' container.
+ All of a Pod's containers must have the same
+ effective HostProcess value (it is not allowed
+ to have a mix of HostProcess containers and
+ non-HostProcess containers). In addition, if
+ HostProcess is true then HostNetwork must also
+ be set to true.
+ type: boolean
+ runAsUserName:
+ description: The UserName in Windows to run the
+ entrypoint of the container process. Defaults
+ to the user specified in image metadata if unspecified.
+ May also be set in PodSecurityContext. If set
+ in both SecurityContext and PodSecurityContext,
+ the value specified in SecurityContext takes
+ precedence.
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ description: 'DeprecatedServiceAccount is a depreciated
+ alias for ServiceAccountName. Deprecated: Use serviceAccountName
+ instead.'
+ type: string
+ serviceAccountName:
+ description: 'ServiceAccountName is the name of the ServiceAccount
+ to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/'
+ type: string
+ setHostnameAsFQDN:
+ description: If true the pod's hostname will be configured
+ as the pod's FQDN, rather than the leaf name (the default).
+ In Linux containers, this means setting the FQDN in
+ the hostname field of the kernel (the nodename field
+ of struct utsname). In Windows containers, this means
+ setting the registry value of hostname for the registry
+ key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
+ to FQDN. If a pod does not have FQDN, this has no effect.
+ Default to false.
+ type: boolean
+ shareProcessNamespace:
+ description: 'Share a single process namespace between
+ all of the containers in a pod. When this is set containers
+ will be able to view and signal processes from other
+ containers in the same pod, and the first process in
+ each container will not be assigned PID 1. HostPID and
+ ShareProcessNamespace cannot both be set. Optional:
+ Default to false.'
+ type: boolean
+ subdomain:
+ description: If specified, the fully qualified Pod hostname
+ will be "...svc.". If not specified, the pod will not have a
+ domainname at all.
+ type: string
+ terminationGracePeriodSeconds:
+ description: Optional duration in seconds the pod needs
+ to terminate gracefully. May be decreased in delete
+ request. Value must be non-negative integer. The value
+ zero indicates stop immediately via the kill signal
+ (no opportunity to shut down). If this value is nil,
+ the default grace period will be used instead. The grace
+ period is the duration in seconds after the processes
+ running in the pod are sent a termination signal and
+ the time when the processes are forcibly halted with
+ a kill signal. Set this value longer than the expected
+ cleanup time for your process. Defaults to 30 seconds.
+ format: int64
+ type: integer
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: The pod this Toleration is attached to
+ tolerates any taint that matches the triple
+ using the matching operator .
+ properties:
+ effect:
+ description: Effect indicates the taint effect to
+ match. Empty means match all taint effects. When
+ specified, allowed values are NoSchedule, PreferNoSchedule
+ and NoExecute.
+ type: string
+ key:
+ description: Key is the taint key that the toleration
+ applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists;
+ this combination means to match all values and
+ all keys.
+ type: string
+ operator:
+ description: Operator represents a key's relationship
+ to the value. Valid operators are Exists and Equal.
+ Defaults to Equal. Exists is equivalent to wildcard
+ for value, so that a pod can tolerate all taints
+ of a particular category.
+ type: string
+ tolerationSeconds:
+ description: TolerationSeconds represents the period
+ of time the toleration (which must be of effect
+ NoExecute, otherwise this field is ignored) tolerates
+ the taint. By default, it is not set, which means
+ tolerate the taint forever (do not evict). Zero
+ and negative values will be treated as 0 (evict
+ immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: Value is the taint value the toleration
+ matches to. If the operator is Exists, the value
+ should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ topologySpreadConstraints:
+ description: TopologySpreadConstraints describes how a
+ group of pods ought to spread across topology domains.
+ Scheduler will schedule pods in a way which abides by
+ the constraints. All topologySpreadConstraints are ANDed.
+ items:
+ description: TopologySpreadConstraint specifies how
+ to spread matching pods among the given topology.
+ properties:
+ labelSelector:
+ description: LabelSelector is used to find matching
+ pods. Pods that match this label selector are
+ counted to determine the number of pods in their
+ corresponding topology domain.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: A label selector requirement
+ is a selector that contains values, a key,
+ and an operator that relates the key and
+ values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's
+ relationship to a set of values. Valid
+ operators are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string
+ values. If the operator is In or NotIn,
+ the values array must be non-empty.
+ If the operator is Exists or DoesNotExist,
+ the values array must be empty. This
+ array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value}
+ pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions,
+ whose key field is "key", the operator is
+ "In", and the values array contains only "value".
+ The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: "MatchLabelKeys is a set of pod label
+ keys to select the pods over which spreading will
+ be calculated. The keys are used to lookup values
+ from the incoming pod labels, those key-value
+ labels are ANDed with labelSelector to select
+ the group of existing pods over which spreading
+ will be calculated for the incoming pod. The same
+ key is forbidden to exist in both MatchLabelKeys
+ and LabelSelector. MatchLabelKeys cannot be set
+ when LabelSelector isn't set. Keys that don't
+ exist in the incoming pod labels will be ignored.
+ A null or empty list means only match against
+ labelSelector. \n This is a beta field and requires
+ the MatchLabelKeysInPodTopologySpread feature
+ gate to be enabled (enabled by default)."
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ maxSkew:
+ description: 'MaxSkew describes the degree to which
+ pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
+ it is the maximum permitted difference between
+ the number of matching pods in the target topology
+ and the global minimum. The global minimum is
+ the minimum number of matching pods in an eligible
+ domain or zero if the number of eligible domains
+ is less than MinDomains. For example, in a 3-zone
+ cluster, MaxSkew is set to 1, and pods with the
+ same labelSelector spread as 2/2/1: In this case,
+ the global minimum is 1. | zone1 | zone2 | zone3
+ | | P P | P P | P | - if MaxSkew is 1,
+ incoming pod can only be scheduled to zone3 to
+ become 2/2/2; scheduling it onto zone1(zone2)
+ would make the ActualSkew(3-1) on zone1(zone2)
+ violate MaxSkew(1). - if MaxSkew is 2, incoming
+ pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
+ it is used to give higher precedence to topologies
+ that satisfy it. It''s a required field. Default
+ value is 1 and 0 is not allowed.'
+ format: int32
+ type: integer
+ minDomains:
+ description: "MinDomains indicates a minimum number
+ of eligible domains. When the number of eligible
+ domains with matching topology keys is less than
+ minDomains, Pod Topology Spread treats \"global
+ minimum\" as 0, and then the calculation of Skew
+ is performed. And when the number of eligible
+ domains with matching topology keys equals or
+ greater than minDomains, this value has no effect
+ on scheduling. As a result, when the number of
+ eligible domains is less than minDomains, scheduler
+ won't schedule more than maxSkew Pods to those
+ domains. If value is nil, the constraint behaves
+ as if MinDomains is equal to 1. Valid values are
+ integers greater than 0. When value is not nil,
+ WhenUnsatisfiable must be DoNotSchedule. \n For
+ example, in a 3-zone cluster, MaxSkew is set to
+ 2, MinDomains is set to 5 and pods with the same
+ labelSelector spread as 2/2/2: | zone1 | zone2
+ | zone3 | | P P | P P | P P | The number
+ of domains is less than 5(MinDomains), so \"global
+ minimum\" is treated as 0. In this situation,
+ new pod with the same labelSelector cannot be
+ scheduled, because computed skew will be 3(3 -
+ 0) if new Pod is scheduled to any of the three
+ zones, it will violate MaxSkew. \n This is a beta
+ field and requires the MinDomainsInPodTopologySpread
+ feature gate to be enabled (enabled by default)."
+ format: int32
+ type: integer
+ nodeAffinityPolicy:
+ description: "NodeAffinityPolicy indicates how we
+ will treat Pod's nodeAffinity/nodeSelector when
+ calculating pod topology spread skew. Options
+ are: - Honor: only nodes matching nodeAffinity/nodeSelector
+ are included in the calculations. - Ignore: nodeAffinity/nodeSelector
+ are ignored. All nodes are included in the calculations.
+ \n If this value is nil, the behavior is equivalent
+ to the Honor policy. This is a beta-level feature
+ default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ nodeTaintsPolicy:
+ description: "NodeTaintsPolicy indicates how we
+ will treat node taints when calculating pod topology
+ spread skew. Options are: - Honor: nodes without
+ taints, along with tainted nodes for which the
+ incoming pod has a toleration, are included. -
+ Ignore: node taints are ignored. All nodes are
+ included. \n If this value is nil, the behavior
+ is equivalent to the Ignore policy. This is a
+ beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread
+ feature flag."
+ type: string
+ topologyKey:
+ description: TopologyKey is the key of node labels.
+ Nodes that have a label with this key and identical
+ values are considered to be in the same topology.
+ We consider each as a "bucket", and
+ try to put balanced number of pods into each bucket.
+ We define a domain as a particular instance of
+ a topology. Also, we define an eligible domain
+ as a domain whose nodes meet the requirements
+ of nodeAffinityPolicy and nodeTaintsPolicy. e.g.
+ If TopologyKey is "kubernetes.io/hostname", each
+ Node is a domain of that topology. And, if TopologyKey
+ is "topology.kubernetes.io/zone", each zone is
+ a domain of that topology. It's a required field.
+ type: string
+ whenUnsatisfiable:
+ description: 'WhenUnsatisfiable indicates how to
+ deal with a pod if it doesn''t satisfy the spread
+ constraint. - DoNotSchedule (default) tells the
+ scheduler not to schedule it. - ScheduleAnyway
+ tells the scheduler to schedule the pod in any
+ location, but giving higher precedence to topologies
+ that would help reduce the skew. A constraint
+ is considered "Unsatisfiable" for an incoming
+ pod if and only if every possible node assignment
+ for that pod would violate "MaxSkew" on some topology.
+ For example, in a 3-zone cluster, MaxSkew is set
+ to 1, and pods with the same labelSelector spread
+ as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P |
+ If WhenUnsatisfiable is set to DoNotSchedule,
+ incoming pod can only be scheduled to zone2(zone3)
+ to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3)
+ satisfies MaxSkew(1). In other words, the cluster
+ can still be imbalanced, but scheduler won''t
+ make it *more* imbalanced. It''s a required field.'
+ type: string
+ required:
+ - maxSkew
+ - topologyKey
+ - whenUnsatisfiable
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - topologyKey
+ - whenUnsatisfiable
+ x-kubernetes-list-type: map
+ volumes:
+ description: 'List of volumes that can be mounted by containers
+ belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes'
+ items:
+ description: Volume represents a named volume in a pod
+ that may be accessed by any container in the pod.
+ properties:
+ awsElasticBlockStore:
+ description: 'awsElasticBlockStore represents an
+ AWS Disk resource that is attached to a kubelet''s
+ host machine and then exposed to the pod. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property
+ empty).'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly value true will force
+ the readOnly setting in VolumeMounts. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: boolean
+ volumeID:
+ description: 'volumeID is unique ID of the persistent
+ disk resource in AWS (Amazon EBS volume).
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore'
+ type: string
+ required:
+ - volumeID
+ type: object
+ azureDisk:
+ description: azureDisk represents an Azure Data
+ Disk mount on the host and bind mount to the pod.
+ properties:
+ cachingMode:
+ description: 'cachingMode is the Host Caching
+ mode: None, Read Only, Read Write.'
+ type: string
+ diskName:
+ description: diskName is the Name of the data
+ disk in the blob storage
+ type: string
+ diskURI:
+ description: diskURI is the URI of data disk
+ in the blob storage
+ type: string
+ fsType:
+ description: fsType is Filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ kind:
+ description: 'kind expected values are Shared:
+ multiple blob disks per storage account Dedicated:
+ single blob disk per storage account Managed:
+ azure managed data disk (only in managed availability
+ set). defaults to shared'
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ required:
+ - diskName
+ - diskURI
+ type: object
+ azureFile:
+ description: azureFile represents an Azure File
+ Service mount on the host and bind mount to the
+ pod.
+ properties:
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretName:
+ description: secretName is the name of secret
+ that contains Azure Storage Account Name and
+ Key
+ type: string
+ shareName:
+ description: shareName is the azure share Name
+ type: string
+ required:
+ - secretName
+ - shareName
+ type: object
+ cephfs:
+ description: cephFS represents a Ceph FS mount on
+ the host that shares a pod's lifetime
+ properties:
+ monitors:
+ description: 'monitors is Required: Monitors
+ is a collection of Ceph monitors More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ path:
+ description: 'path is Optional: Used as the
+ mounted root, rather than the full Ceph tree,
+ default is /'
+ type: string
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.
+ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: boolean
+ secretFile:
+ description: 'secretFile is Optional: SecretFile
+ is the path to key ring for User, default
+ is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ secretRef:
+ description: 'secretRef is Optional: SecretRef
+ is reference to the authentication secret
+ for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is optional: User is the
+ rados user name, default is admin More info:
+ https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it'
+ type: string
+ required:
+ - monitors
+ type: object
+ cinder:
+ description: 'cinder represents a cinder volume
+ attached and mounted on kubelets host machine.
+ More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ readOnly:
+ description: 'readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: boolean
+ secretRef:
+ description: 'secretRef is optional: points
+ to a secret object containing parameters used
+ to connect to OpenStack.'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeID:
+ description: 'volumeID used to identify the
+ volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md'
+ type: string
+ required:
+ - volumeID
+ type: object
+ configMap:
+ description: configMap represents a configMap that
+ should populate this volume
+ properties:
+ defaultMode:
+ description: 'defaultMode is optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items if unspecified, each key-value
+ pair in the Data field of the referenced ConfigMap
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified
+ which is not present in the ConfigMap, the
+ volume setup will error unless it is marked
+ optional. Paths must be relative and may not
+ contain the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether the ConfigMap
+ or its keys must be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ csi:
+ description: csi (Container Storage Interface) represents
+ ephemeral storage that is handled by certain external
+ CSI drivers (Beta feature).
+ properties:
+ driver:
+ description: driver is the name of the CSI driver
+ that handles this volume. Consult with your
+ admin for the correct name as registered in
+ the cluster.
+ type: string
+ fsType:
+ description: fsType to mount. Ex. "ext4", "xfs",
+ "ntfs". If not provided, the empty value is
+ passed to the associated CSI driver which
+ will determine the default filesystem to apply.
+ type: string
+ nodePublishSecretRef:
+ description: nodePublishSecretRef is a reference
+ to the secret object containing sensitive
+ information to pass to the CSI driver to complete
+ the CSI NodePublishVolume and NodeUnpublishVolume
+ calls. This field is optional, and may be
+ empty if no secret is required. If the secret
+ object contains more than one secret, all
+ secret references are passed.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ readOnly:
+ description: readOnly specifies a read-only
+ configuration for the volume. Defaults to
+ false (read/write).
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ type: string
+ description: volumeAttributes stores driver-specific
+ properties that are passed to the CSI driver.
+ Consult your driver's documentation for supported
+ values.
+ type: object
+ required:
+ - driver
+ type: object
+ downwardAPI:
+ description: downwardAPI represents downward API
+ about the pod that should populate this volume
+ properties:
+ defaultMode:
+ description: 'Optional: mode bits to use on
+ created files by default. Must be a Optional:
+ mode bits used to set permissions on created
+ files by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: Items is a list of downward API
+ volume file
+ items:
+ description: DownwardAPIVolumeFile represents
+ information to create the file containing
+ the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects a field
+ of the pod: only annotations, labels,
+ name and namespace are supported.'
+ properties:
+ apiVersion:
+ description: Version of the schema
+ the FieldPath is written in terms
+ of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to
+ select in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode bits used
+ to set permissions on this file, must
+ be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511.
+ YAML accepts both octal and decimal
+ values, JSON requires decimal values
+ for mode bits. If not specified, the
+ volume defaultMode will be used. This
+ might be in conflict with other options
+ that affect the file mode, like fsGroup,
+ and the result can be other mode bits
+ set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path is the relative
+ path name of the file to be created.
+ Must not be absolute or contain the
+ ''..'' path. Must be utf-8 encoded.
+ The first item of the relative path
+ must not start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource of the
+ container: only resources limits and
+ requests (limits.cpu, limits.memory,
+ requests.cpu and requests.memory) are
+ currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output
+ format of the exposed resources,
+ defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ emptyDir:
+ description: 'emptyDir represents a temporary directory
+ that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ properties:
+ medium:
+ description: 'medium represents what type of
+ storage medium should back this directory.
+ The default is "" which means to use the node''s
+ default medium. Must be an empty string (default)
+ or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ type: string
+ sizeLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'sizeLimit is the total amount
+ of local storage required for this EmptyDir
+ volume. The size limit is also applicable
+ for memory medium. The maximum usage on memory
+ medium EmptyDir would be the minimum value
+ between the SizeLimit specified here and the
+ sum of memory limits of all containers in
+ a pod. The default is nil which means that
+ the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir'
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ type: object
+ ephemeral:
+ description: "ephemeral represents a volume that
+ is handled by a cluster storage driver. The volume's
+ lifecycle is tied to the pod that defines it -
+ it will be created before the pod starts, and
+ deleted when the pod is removed. \n Use this if:
+ a) the volume is only needed while the pod runs,
+ b) features of normal volumes like restoring from
+ snapshot or capacity tracking are needed, c) the
+ storage driver is specified through a storage
+ class, and d) the storage driver supports dynamic
+ volume provisioning through a PersistentVolumeClaim
+ (see EphemeralVolumeSource for more information
+ on the connection between this volume type and
+ PersistentVolumeClaim). \n Use PersistentVolumeClaim
+ or one of the vendor-specific APIs for volumes
+ that persist for longer than the lifecycle of
+ an individual pod. \n Use CSI for light-weight
+ local ephemeral volumes if the CSI driver is meant
+ to be used that way - see the documentation of
+ the driver for more information. \n A pod can
+ use both types of ephemeral volumes and persistent
+ volumes at the same time."
+ properties:
+ volumeClaimTemplate:
+ description: "Will be used to create a stand-alone
+ PVC to provision the volume. The pod in which
+ this EphemeralVolumeSource is embedded will
+ be the owner of the PVC, i.e. the PVC will
+ be deleted together with the pod. The name
+ of the PVC will be `-`
+ where `` is the name from the
+ `PodSpec.Volumes` array entry. Pod validation
+ will reject the pod if the concatenated name
+ is not valid for a PVC (for example, too long).
+ \n An existing PVC with that name that is
+ not owned by the pod will *not* be used for
+ the pod to avoid using an unrelated volume
+ by mistake. Starting the pod is then blocked
+ until the unrelated PVC is removed. If such
+ a pre-created PVC is meant to be used by the
+ pod, the PVC has to updated with an owner
+ reference to the pod once the pod exists.
+ Normally this should not be necessary, but
+ it may be useful when manually reconstructing
+ a broken cluster. \n This field is read-only
+ and no changes will be made by Kubernetes
+ to the PVC after it has been created. \n Required,
+ must not be nil."
+ properties:
+ metadata:
+ description: May contain labels and annotations
+ that will be copied into the PVC when
+ creating it. No other fields are allowed
+ and will be rejected during validation.
+ properties:
+ annotations:
+ additionalProperties:
+ type: string
+ type: object
+ finalizers:
+ items:
+ type: string
+ type: array
+ labels:
+ additionalProperties:
+ type: string
+ type: object
+ name:
+ type: string
+ namespace:
+ type: string
+ type: object
+ spec:
+ description: The specification for the PersistentVolumeClaim.
+ The entire content is copied unchanged
+ into the PVC that gets created from this
+ template. The same fields as in a PersistentVolumeClaim
+ are also valid here.
+ properties:
+ accessModes:
+ description: 'accessModes contains the
+ desired access modes the volume should
+ have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1'
+ items:
+ type: string
+ type: array
+ dataSource:
+ description: 'dataSource field can be
+ used to specify either: * An existing
+ VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot)
+ * An existing PVC (PersistentVolumeClaim)
+ If the provisioner or an external
+ controller can support the specified
+ data source, it will create a new
+ volume based on the contents of the
+ specified data source. When the AnyVolumeDataSource
+ feature gate is enabled, dataSource
+ contents will be copied to dataSourceRef,
+ and dataSourceRef contents will be
+ copied to dataSource when dataSourceRef.namespace
+ is not specified. If the namespace
+ is specified, then dataSourceRef will
+ not be copied to dataSource.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ dataSourceRef:
+ description: 'dataSourceRef specifies
+ the object from which to populate
+ the volume with data, if a non-empty
+ volume is desired. This may be any
+ object from a non-empty API group
+ (non core object) or a PersistentVolumeClaim
+ object. When this field is specified,
+ volume binding will only succeed if
+ the type of the specified object matches
+ some installed volume populator or
+ dynamic provisioner. This field will
+ replace the functionality of the dataSource
+ field and as such if both fields are
+ non-empty, they must have the same
+ value. For backwards compatibility,
+ when namespace isn''t specified in
+ dataSourceRef, both fields (dataSource
+ and dataSourceRef) will be set to
+ the same value automatically if one
+ of them is empty and the other is
+ non-empty. When namespace is specified
+ in dataSourceRef, dataSource isn''t
+ set to the same value and must be
+ empty. There are three important differences
+ between dataSource and dataSourceRef:
+ * While dataSource only allows two
+ specific types of objects, dataSourceRef
+ allows any non-core object, as well
+ as PersistentVolumeClaim objects.
+ * While dataSource ignores disallowed
+ values (dropping them), dataSourceRef
+ preserves all values, and generates
+ an error if a disallowed value is
+ specified. * While dataSource only
+ allows local objects, dataSourceRef
+ allows objects in any namespaces.
+ (Beta) Using this field requires the
+ AnyVolumeDataSource feature gate to
+ be enabled. (Alpha) Using the namespace
+ field of dataSourceRef requires the
+ CrossNamespaceVolumeDataSource feature
+ gate to be enabled.'
+ properties:
+ apiGroup:
+ description: APIGroup is the group
+ for the resource being referenced.
+ If APIGroup is not specified,
+ the specified Kind must be in
+ the core API group. For any other
+ third-party types, APIGroup is
+ required.
+ type: string
+ kind:
+ description: Kind is the type of
+ resource being referenced
+ type: string
+ name:
+ description: Name is the name of
+ resource being referenced
+ type: string
+ namespace:
+ description: Namespace is the namespace
+ of resource being referenced Note
+ that when a namespace is specified,
+ a gateway.networking.k8s.io/ReferenceGrant
+ object is required in the referent
+ namespace to allow that namespace's
+ owner to accept the reference.
+ See the ReferenceGrant documentation
+ for details. (Alpha) This field
+ requires the CrossNamespaceVolumeDataSource
+ feature gate to be enabled.
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ resources:
+ description: 'resources represents the
+ minimum resources the volume should
+ have. If RecoverVolumeExpansionFailure
+ feature is enabled users are allowed
+ to specify resource requirements that
+ are lower than previous value but
+ must still be higher than capacity
+ recorded in the status field of the
+ claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources'
+ properties:
+ claims:
+ description: "Claims lists the names
+ of resources, defined in spec.resourceClaims,
+ that are used by this container.
+ \n This is an alpha field and
+ requires enabling the DynamicResourceAllocation
+ feature gate. \n This field is
+ immutable. It can only be set
+ for containers."
+ items:
+ description: ResourceClaim references
+ one entry in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: Name must match
+ the name of one entry in
+ pod.spec.resourceClaims
+ of the Pod where this field
+ is used. It makes that resource
+ available inside a container.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Limits describes the
+ maximum amount of compute resources
+ allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: 'Requests describes
+ the minimum amount of compute
+ resources required. If Requests
+ is omitted for a container, it
+ defaults to Limits if that is
+ explicitly specified, otherwise
+ to an implementation-defined value.
+ Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+ type: object
+ type: object
+ selector:
+ description: selector is a label query
+ over volumes to consider for binding.
+ properties:
+ matchExpressions:
+ description: matchExpressions is
+ a list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: A label selector
+ requirement is a selector that
+ contains values, a key, and
+ an operator that relates the
+ key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: operator represents
+ a key's relationship to
+ a set of values. Valid operators
+ are In, NotIn, Exists and
+ DoesNotExist.
+ type: string
+ values:
+ description: values is an
+ array of string values.
+ If the operator is In or
+ NotIn, the values array
+ must be non-empty. If the
+ operator is Exists or DoesNotExist,
+ the values array must be
+ empty. This array is replaced
+ during a strategic merge
+ patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map
+ of {key,value} pairs. A single
+ {key,value} in the matchLabels
+ map is equivalent to an element
+ of matchExpressions, whose key
+ field is "key", the operator is
+ "In", and the values array contains
+ only "value". The requirements
+ are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ storageClassName:
+ description: 'storageClassName is the
+ name of the StorageClass required
+ by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1'
+ type: string
+ volumeMode:
+ description: volumeMode defines what
+ type of volume is required by the
+ claim. Value of Filesystem is implied
+ when not included in claim spec.
+ type: string
+ volumeName:
+ description: volumeName is the binding
+ reference to the PersistentVolume
+ backing this claim.
+ type: string
+ type: object
+ required:
+ - spec
+ type: object
+ type: object
+ fc:
+ description: fc represents a Fibre Channel resource
+ that is attached to a kubelet's host machine and
+ then exposed to the pod.
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ to mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. TODO: how do we prevent errors
+ in the filesystem from compromising the machine'
+ type: string
+ lun:
+ description: 'lun is Optional: FC target lun
+ number'
+ format: int32
+ type: integer
+ readOnly:
+ description: 'readOnly is Optional: Defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ targetWWNs:
+ description: 'targetWWNs is Optional: FC target
+ worldwide names (WWNs)'
+ items:
+ type: string
+ type: array
+ wwids:
+ description: 'wwids Optional: FC volume world
+ wide identifiers (wwids) Either wwids or combination
+ of targetWWNs and lun must be set, but not
+ both simultaneously.'
+ items:
+ type: string
+ type: array
+ type: object
+ flexVolume:
+ description: flexVolume represents a generic volume
+ resource that is provisioned/attached using an
+ exec based plugin.
+ properties:
+ driver:
+ description: driver is the name of the driver
+ to use for this volume.
+ type: string
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". The default filesystem depends
+ on FlexVolume script.
+ type: string
+ options:
+ additionalProperties:
+ type: string
+ description: 'options is Optional: this field
+ holds extra command options if any.'
+ type: object
+ readOnly:
+ description: 'readOnly is Optional: defaults
+ to false (read/write). ReadOnly here will
+ force the ReadOnly setting in VolumeMounts.'
+ type: boolean
+ secretRef:
+ description: 'secretRef is Optional: secretRef
+ is reference to the secret object containing
+ sensitive information to pass to the plugin
+ scripts. This may be empty if no secret object
+ is specified. If the secret object contains
+ more than one secret, all secrets are passed
+ to the plugin scripts.'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - driver
+ type: object
+ flocker:
+ description: flocker represents a Flocker volume
+ attached to a kubelet's host machine. This depends
+ on the Flocker control service being running
+ properties:
+ datasetName:
+ description: datasetName is Name of the dataset
+ stored as metadata -> name on the dataset
+ for Flocker should be considered as deprecated
+ type: string
+ datasetUUID:
+ description: datasetUUID is the UUID of the
+ dataset. This is unique identifier of a Flocker
+ dataset
+ type: string
+ type: object
+ gcePersistentDisk:
+ description: 'gcePersistentDisk represents a GCE
+ Disk resource that is attached to a kubelet''s
+ host machine and then exposed to the pod. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ properties:
+ fsType:
+ description: 'fsType is filesystem type of the
+ volume that you want to mount. Tip: Ensure
+ that the filesystem type is supported by the
+ host operating system. Examples: "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ partition:
+ description: 'partition is the partition in
+ the volume that you want to mount. If omitted,
+ the default is to mount by volume name. Examples:
+ For volume /dev/sda1, you specify the partition
+ as "1". Similarly, the volume partition for
+ /dev/sda is "0" (or you can leave the property
+ empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ format: int32
+ type: integer
+ pdName:
+ description: 'pdName is unique name of the PD
+ resource in GCE. Used to identify the disk
+ in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk'
+ type: boolean
+ required:
+ - pdName
+ type: object
+ gitRepo:
+ description: 'gitRepo represents a git repository
+ at a particular revision. DEPRECATED: GitRepo
+ is deprecated. To provision a container with a
+ git repo, mount an EmptyDir into an InitContainer
+ that clones the repo using git, then mount the
+ EmptyDir into the Pod''s container.'
+ properties:
+ directory:
+ description: directory is the target directory
+ name. Must not contain or start with '..'. If
+ '.' is supplied, the volume directory will
+ be the git repository. Otherwise, if specified,
+ the volume will contain the git repository
+ in the subdirectory with the given name.
+ type: string
+ repository:
+ description: repository is the URL
+ type: string
+ revision:
+ description: revision is the commit hash for
+ the specified revision.
+ type: string
+ required:
+ - repository
+ type: object
+ glusterfs:
+ description: 'glusterfs represents a Glusterfs mount
+ on the host that shares a pod''s lifetime. More
+ info: https://examples.k8s.io/volumes/glusterfs/README.md'
+ properties:
+ endpoints:
+ description: 'endpoints is the endpoint name
+ that details Glusterfs topology. More info:
+ https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ path:
+ description: 'path is the Glusterfs volume path.
+ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the Glusterfs
+ volume to be mounted with read-only permissions.
+ Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod'
+ type: boolean
+ required:
+ - endpoints
+ - path
+ type: object
+ hostPath:
+ description: 'hostPath represents a pre-existing
+ file or directory on the host machine that is
+ directly exposed to the container. This is generally
+ used for system agents or other privileged things
+ that are allowed to see the host machine. Most
+ containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ --- TODO(jonesdl) We need to restrict who can
+ use host directory mounts and who can/can not
+ mount host directories as read/write.'
+ properties:
+ path:
+ description: 'path of the directory on the host.
+ If the path is a symlink, it will follow the
+ link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ type:
+ description: 'type for HostPath Volume Defaults
+ to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath'
+ type: string
+ required:
+ - path
+ type: object
+ iscsi:
+ description: 'iscsi represents an ISCSI Disk resource
+ that is attached to a kubelet''s host machine
+ and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md'
+ properties:
+ chapAuthDiscovery:
+ description: chapAuthDiscovery defines whether
+ support iSCSI Discovery CHAP authentication
+ type: boolean
+ chapAuthSession:
+ description: chapAuthSession defines whether
+ support iSCSI Session CHAP authentication
+ type: boolean
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ initiatorName:
+ description: initiatorName is the custom iSCSI
+ Initiator Name. If initiatorName is specified
+ with iscsiInterface simultaneously, new iSCSI
+ interface : will
+ be created for the connection.
+ type: string
+ iqn:
+ description: iqn is the target iSCSI Qualified
+ Name.
+ type: string
+ iscsiInterface:
+ description: iscsiInterface is the interface
+ Name that uses an iSCSI transport. Defaults
+ to 'default' (tcp).
+ type: string
+ lun:
+ description: lun represents iSCSI Target Lun
+ number.
+ format: int32
+ type: integer
+ portals:
+ description: portals is the iSCSI Target Portal
+ List. The portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
+ items:
+ type: string
+ type: array
+ readOnly:
+ description: readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ type: boolean
+ secretRef:
+ description: secretRef is the CHAP Secret for
+ iSCSI target and initiator authentication
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ targetPortal:
+ description: targetPortal is iSCSI Target Portal.
+ The Portal is either an IP or ip_addr:port
+ if the port is other than default (typically
+ TCP ports 860 and 3260).
+ type: string
+ required:
+ - iqn
+ - lun
+ - targetPortal
+ type: object
+ name:
+ description: 'name of the volume. Must be a DNS_LABEL
+ and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+ type: string
+ nfs:
+ description: 'nfs represents an NFS mount on the
+ host that shares a pod''s lifetime More info:
+ https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ properties:
+ path:
+ description: 'path that is exported by the NFS
+ server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the NFS
+ export to be mounted with read-only permissions.
+ Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: boolean
+ server:
+ description: 'server is the hostname or IP address
+ of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs'
+ type: string
+ required:
+ - path
+ - server
+ type: object
+ persistentVolumeClaim:
+ description: 'persistentVolumeClaimVolumeSource
+ represents a reference to a PersistentVolumeClaim
+ in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ properties:
+ claimName:
+ description: 'claimName is the name of a PersistentVolumeClaim
+ in the same namespace as the pod using this
+ volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims'
+ type: string
+ readOnly:
+ description: readOnly Will force the ReadOnly
+ setting in VolumeMounts. Default false.
+ type: boolean
+ required:
+ - claimName
+ type: object
+ photonPersistentDisk:
+ description: photonPersistentDisk represents a PhotonController
+ persistent disk attached and mounted on kubelets
+ host machine
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ pdID:
+ description: pdID is the ID that identifies
+ Photon Controller persistent disk
+ type: string
+ required:
+ - pdID
+ type: object
+ portworxVolume:
+ description: portworxVolume represents a portworx
+ volume attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fSType represents the filesystem
+ type to mount Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ volumeID:
+ description: volumeID uniquely identifies a
+ Portworx volume
+ type: string
+ required:
+ - volumeID
+ type: object
+ projected:
+ description: projected items for all in one resources
+ secrets, configmaps, and downward API
+ properties:
+ defaultMode:
+ description: defaultMode are the mode bits used
+ to set permissions on created files by default.
+ Must be an octal value between 0000 and 0777
+ or a decimal value between 0 and 511. YAML
+ accepts both octal and decimal values, JSON
+ requires decimal values for mode bits. Directories
+ within the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.
+ format: int32
+ type: integer
+ sources:
+ description: sources is the list of volume projections
+ items:
+ description: Projection that may be projected
+ along with other supported volume types
+ properties:
+ configMap:
+ description: configMap information about
+ the configMap data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced ConfigMap
+ will be projected into the volume
+ as a file whose name is the key
+ and content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the ConfigMap, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777
+ or a decimal value between
+ 0 and 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal values
+ for mode bits. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional specify whether
+ the ConfigMap or its keys must be
+ defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ downwardAPI:
+ description: downwardAPI information about
+ the downwardAPI data to project
+ properties:
+ items:
+ description: Items is a list of DownwardAPIVolume
+ file
+ items:
+ description: DownwardAPIVolumeFile
+ represents information to create
+ the file containing the pod field
+ properties:
+ fieldRef:
+ description: 'Required: Selects
+ a field of the pod: only annotations,
+ labels, name and namespace
+ are supported.'
+ properties:
+ apiVersion:
+ description: Version of
+ the schema the FieldPath
+ is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the
+ field to select in the
+ specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ mode:
+ description: 'Optional: mode
+ bits used to set permissions
+ on this file, must be an octal
+ value between 0000 and 0777
+ or a decimal value between
+ 0 and 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal values
+ for mode bits. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: 'Required: Path
+ is the relative path name
+ of the file to be created.
+ Must not be absolute or contain
+ the ''..'' path. Must be utf-8
+ encoded. The first item of
+ the relative path must not
+ start with ''..'''
+ type: string
+ resourceFieldRef:
+ description: 'Selects a resource
+ of the container: only resources
+ limits and requests (limits.cpu,
+ limits.memory, requests.cpu
+ and requests.memory) are currently
+ supported.'
+ properties:
+ containerName:
+ description: 'Container
+ name: required for volumes,
+ optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the
+ output format of the exposed
+ resources, defaults to
+ "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required:
+ resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ required:
+ - path
+ type: object
+ type: array
+ type: object
+ secret:
+ description: secret information about
+ the secret data to project
+ properties:
+ items:
+ description: items if unspecified,
+ each key-value pair in the Data
+ field of the referenced Secret will
+ be projected into the volume as
+ a file whose name is the key and
+ content is the value. If specified,
+ the listed keys will be projected
+ into the specified paths, and unlisted
+ keys will not be present. If a key
+ is specified which is not present
+ in the Secret, the volume setup
+ will error unless it is marked optional.
+ Paths must be relative and may not
+ contain the '..' path or start with
+ '..'.
+ items:
+ description: Maps a string key to
+ a path within a volume.
+ properties:
+ key:
+ description: key is the key
+ to project.
+ type: string
+ mode:
+ description: 'mode is Optional:
+ mode bits used to set permissions
+ on this file. Must be an octal
+ value between 0000 and 0777
+ or a decimal value between
+ 0 and 511. YAML accepts both
+ octal and decimal values,
+ JSON requires decimal values
+ for mode bits. If not specified,
+ the volume defaultMode will
+ be used. This might be in
+ conflict with other options
+ that affect the file mode,
+ like fsGroup, and the result
+ can be other mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative
+ path of the file to map the
+ key to. May not be an absolute
+ path. May not contain the
+ path element '..'. May not
+ start with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ name:
+ description: 'Name of the referent.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: optional field specify
+ whether the Secret or its key must
+ be defined
+ type: boolean
+ type: object
+ x-kubernetes-map-type: atomic
+ serviceAccountToken:
+ description: serviceAccountToken is information
+ about the serviceAccountToken data to
+ project
+ properties:
+ audience:
+ description: audience is the intended
+ audience of the token. A recipient
+ of a token must identify itself
+ with an identifier specified in
+ the audience of the token, and otherwise
+ should reject the token. The audience
+ defaults to the identifier of the
+ apiserver.
+ type: string
+ expirationSeconds:
+ description: expirationSeconds is
+ the requested duration of validity
+ of the service account token. As
+ the token approaches expiration,
+ the kubelet volume plugin will proactively
+ rotate the service account token.
+ The kubelet will start trying to
+ rotate the token if the token is
+ older than 80 percent of its time
+ to live or if the token is older
+ than 24 hours.Defaults to 1 hour
+ and must be at least 10 minutes.
+ format: int64
+ type: integer
+ path:
+ description: path is the path relative
+ to the mount point of the file to
+ project the token into.
+ type: string
+ required:
+ - path
+ type: object
+ type: object
+ type: array
+ type: object
+ quobyte:
+ description: quobyte represents a Quobyte mount
+ on the host that shares a pod's lifetime
+ properties:
+ group:
+ description: group to map volume access to Default
+ is no group
+ type: string
+ readOnly:
+ description: readOnly here will force the Quobyte
+ volume to be mounted with read-only permissions.
+ Defaults to false.
+ type: boolean
+ registry:
+ description: registry represents a single or
+ multiple Quobyte Registry services specified
+ as a string as host:port pair (multiple entries
+ are separated with commas) which acts as the
+ central registry for volumes
+ type: string
+ tenant:
+ description: tenant owning the given Quobyte
+ volume in the Backend Used with dynamically
+ provisioned Quobyte volumes, value is set
+ by the plugin
+ type: string
+ user:
+ description: user to map volume access to Defaults
+ to serivceaccount user
+ type: string
+ volume:
+ description: volume is a string that references
+ an already created Quobyte volume by name.
+ type: string
+ required:
+ - registry
+ - volume
+ type: object
+ rbd:
+ description: 'rbd represents a Rados Block Device
+ mount on the host that shares a pod''s lifetime.
+ More info: https://examples.k8s.io/volumes/rbd/README.md'
+ properties:
+ fsType:
+ description: 'fsType is the filesystem type
+ of the volume that you want to mount. Tip:
+ Ensure that the filesystem type is supported
+ by the host operating system. Examples: "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd
+ TODO: how do we prevent errors in the filesystem
+ from compromising the machine'
+ type: string
+ image:
+ description: 'image is the rados image name.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ keyring:
+ description: 'keyring is the path to key ring
+ for RBDUser. Default is /etc/ceph/keyring.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ monitors:
+ description: 'monitors is a collection of Ceph
+ monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ items:
+ type: string
+ type: array
+ pool:
+ description: 'pool is the rados pool name. Default
+ is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ readOnly:
+ description: 'readOnly here will force the ReadOnly
+ setting in VolumeMounts. Defaults to false.
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: boolean
+ secretRef:
+ description: 'secretRef is name of the authentication
+ secret for RBDUser. If provided overrides
+ keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ user:
+ description: 'user is the rados user name. Default
+ is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it'
+ type: string
+ required:
+ - image
+ - monitors
+ type: object
+ scaleIO:
+ description: scaleIO represents a ScaleIO persistent
+ volume attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Default is "xfs".
+ type: string
+ gateway:
+ description: gateway is the host address of
+ the ScaleIO API Gateway.
+ type: string
+ protectionDomain:
+ description: protectionDomain is the name of
+ the ScaleIO Protection Domain for the configured
+ storage.
+ type: string
+ readOnly:
+ description: readOnly Defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef references to the secret
+ for ScaleIO user and other sensitive information.
+ If this is not provided, Login operation will
+ fail.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ sslEnabled:
+ description: sslEnabled Flag enable/disable
+ SSL communication with Gateway, default false
+ type: boolean
+ storageMode:
+ description: storageMode indicates whether the
+ storage for a volume should be ThickProvisioned
+ or ThinProvisioned. Default is ThinProvisioned.
+ type: string
+ storagePool:
+ description: storagePool is the ScaleIO Storage
+ Pool associated with the protection domain.
+ type: string
+ system:
+ description: system is the name of the storage
+ system as configured in ScaleIO.
+ type: string
+ volumeName:
+ description: volumeName is the name of a volume
+ already created in the ScaleIO system that
+ is associated with this volume source.
+ type: string
+ required:
+ - gateway
+ - secretRef
+ - system
+ type: object
+ secret:
+ description: 'secret represents a secret that should
+ populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ properties:
+ defaultMode:
+ description: 'defaultMode is Optional: mode
+ bits used to set permissions on created files
+ by default. Must be an octal value between
+ 0000 and 0777 or a decimal value between 0
+ and 511. YAML accepts both octal and decimal
+ values, JSON requires decimal values for mode
+ bits. Defaults to 0644. Directories within
+ the path are not affected by this setting.
+ This might be in conflict with other options
+ that affect the file mode, like fsGroup, and
+ the result can be other mode bits set.'
+ format: int32
+ type: integer
+ items:
+ description: items If unspecified, each key-value
+ pair in the Data field of the referenced Secret
+ will be projected into the volume as a file
+ whose name is the key and content is the value.
+ If specified, the listed keys will be projected
+ into the specified paths, and unlisted keys
+ will not be present. If a key is specified
+ which is not present in the Secret, the volume
+ setup will error unless it is marked optional.
+ Paths must be relative and may not contain
+ the '..' path or start with '..'.
+ items:
+ description: Maps a string key to a path within
+ a volume.
+ properties:
+ key:
+ description: key is the key to project.
+ type: string
+ mode:
+ description: 'mode is Optional: mode bits
+ used to set permissions on this file.
+ Must be an octal value between 0000
+ and 0777 or a decimal value between
+ 0 and 511. YAML accepts both octal and
+ decimal values, JSON requires decimal
+ values for mode bits. If not specified,
+ the volume defaultMode will be used.
+ This might be in conflict with other
+ options that affect the file mode, like
+ fsGroup, and the result can be other
+ mode bits set.'
+ format: int32
+ type: integer
+ path:
+ description: path is the relative path
+ of the file to map the key to. May not
+ be an absolute path. May not contain
+ the path element '..'. May not start
+ with the string '..'.
+ type: string
+ required:
+ - key
+ - path
+ type: object
+ type: array
+ optional:
+ description: optional field specify whether
+ the Secret or its keys must be defined
+ type: boolean
+ secretName:
+ description: 'secretName is the name of the
+ secret in the pod''s namespace to use. More
+ info: https://kubernetes.io/docs/concepts/storage/volumes#secret'
+ type: string
+ type: object
+ storageos:
+ description: storageOS represents a StorageOS volume
+ attached and mounted on Kubernetes nodes.
+ properties:
+ fsType:
+ description: fsType is the filesystem type to
+ mount. Must be a filesystem type supported
+ by the host operating system. Ex. "ext4",
+ "xfs", "ntfs". Implicitly inferred to be "ext4"
+ if unspecified.
+ type: string
+ readOnly:
+ description: readOnly defaults to false (read/write).
+ ReadOnly here will force the ReadOnly setting
+ in VolumeMounts.
+ type: boolean
+ secretRef:
+ description: secretRef specifies the secret
+ to use for obtaining the StorageOS API credentials. If
+ not specified, default values will be attempted.
+ properties:
+ name:
+ description: 'Name of the referent. More
+ info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ volumeName:
+ description: volumeName is the human-readable
+ name of the StorageOS volume. Volume names
+ are only unique within a namespace.
+ type: string
+ volumeNamespace:
+ description: volumeNamespace specifies the scope
+ of the volume within StorageOS. If no namespace
+ is specified then the Pod's namespace will
+ be used. This allows the Kubernetes name
+ scoping to be mirrored within StorageOS for
+ tighter integration. Set VolumeName to any
+ name to override the default behaviour. Set
+ to "default" if you are not using namespaces
+ within StorageOS. Namespaces that do not pre-exist
+ within StorageOS will be created.
+ type: string
+ type: object
+ vsphereVolume:
+ description: vsphereVolume represents a vSphere
+ volume attached and mounted on kubelets host machine
+ properties:
+ fsType:
+ description: fsType is filesystem type to mount.
+ Must be a filesystem type supported by the
+ host operating system. Ex. "ext4", "xfs",
+ "ntfs". Implicitly inferred to be "ext4" if
+ unspecified.
+ type: string
+ storagePolicyID:
+ description: storagePolicyID is the storage
+ Policy Based Management (SPBM) profile ID
+ associated with the StoragePolicyName.
+ type: string
+ storagePolicyName:
+ description: storagePolicyName is the storage
+ Policy Based Management (SPBM) profile name.
+ type: string
+ volumePath:
+ description: volumePath is the path that identifies
+ vSphere volume vmdk
+ type: string
+ required:
+ - volumePath
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - containers
+ type: object
+ type: object
+ ttlSecondsAfterFinished:
+ description: ttlSecondsAfterFinished limits the lifetime of a
+ Job that has finished execution (either Complete or Failed).
+ If this field is set, ttlSecondsAfterFinished after the Job
+ finishes, it is eligible to be automatically deleted. When the
+ Job is being deleted, its lifecycle guarantees (e.g. finalizers)
+ will be honored. If this field is unset, the Job won't be automatically
+ deleted. If this field is set to zero, the Job becomes eligible
+ to be deleted immediately after it finishes.
+ format: int32
+ type: integer
+ required:
+ - template
+ type: object
+ parametersSchema:
+ description: parametersSchema describes the schema used for validation,
+ pruning, and defaulting.
+ properties:
+ openAPIV3Schema:
+ description: openAPIV3SchemaProperties is the OpenAPI v3 schema
+ to use for parameter schema.
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ preChecks:
+ description: pre-check if it meets the requirements to run the job
+ for the operation.
+ items:
+ description: PreCheck
+ properties:
+ exec:
+ description: a job will be run to execute pre-check.
+ properties:
+ args:
+ description: container args.
+ items:
+ type: string
+ type: array
+ command:
+ description: container commands.
+ items:
+ type: string
+ type: array
+ env:
+ description: container env.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: 'Variable references $(VAR_NAME) are
+ expanded using the previously defined environment
+ variables in the container and any service environment
+ variables. If a variable cannot be resolved, the
+ reference in the input string will be unchanged.
+ Double $$ are reduced to a single $, which allows
+ for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
+ will produce the string literal "$(VAR_NAME)". Escaped
+ references will never be expanded, regardless of
+ whether the variable exists or not. Defaults to
+ "".'
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: 'Selects a field of the pod: supports
+ metadata.name, metadata.namespace, `metadata.labels['''']`,
+ `metadata.annotations['''']`, spec.nodeName,
+ spec.serviceAccountName, status.hostIP, status.podIP,
+ status.podIPs.'
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: 'Selects a resource of the container:
+ only resources limits and requests (limits.cpu,
+ limits.memory, limits.ephemeral-storage, requests.cpu,
+ requests.memory and requests.ephemeral-storage)
+ are currently supported.'
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ description: 'Name of the referent. More info:
+ https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ TODO: Add other useful fields. apiVersion,
+ kind, uid?'
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ image:
+ description: image name.
+ type: string
+ required:
+ - image
+ type: object
+ expression:
+ description: expression declares how the operation can be executed.
+ properties:
+ message:
+ description: report the message if the rule is not matched.
+ type: string
+ rule:
+ description: 'validation rule declares how the operation
+ can be executed using go template expression. it should
+ return "true" or "false", built-in objects: - "params"
+ are input parameters. - "cluster" is referenced cluster
+ object. - "component" is referenced the component Object.'
+ type: string
+ required:
+ - message
+ - rule
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: at least one exists for expression and exec.
+ rule: has(self.expression) || has(self.exec)
+ type: array
+ triggerPhaseChange:
+ description: triggerPhaseChange indicates whether the operation will
+ trigger a state change of the component. if true, will be queued
+ for execution.
+ type: boolean
+ required:
+ - componentDefinitionRefs
+ - jobSpec
+ type: object
+ status:
+ description: OpsDefinitionStatus defines the observed state of OpsDefinition
+ properties:
+ message:
+ description: Extra message for current phase.
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the most recent generation observed
+ for this OpsDefinition.
+ format: int64
+ type: integer
+ phase:
+ description: Phase valid values are ``, `Available`, 'Unavailable`.
+ Available is OpsDefinition become available, and can be used for
+ co-related objects.
+ enum:
+ - Available
+ - Unavailable
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/deploy/helm/crds/apps.kubeblocks.io_opsrequests.yaml b/deploy/helm/crds/apps.kubeblocks.io_opsrequests.yaml
index 6666b815b0ef..e84af9c0daf2 100644
--- a/deploy/helm/crds/apps.kubeblocks.io_opsrequests.yaml
+++ b/deploy/helm/crds/apps.kubeblocks.io_opsrequests.yaml
@@ -107,11 +107,28 @@ spec:
modifying this property again will not take effect.'
type: boolean
clusterRef:
- description: clusterRef references clusterDefinition.
+ description: clusterRef references cluster object.
type: string
x-kubernetes-validations:
- message: forbidden to update spec.clusterRef
rule: self == oldSelf
+ customSpec:
+ properties:
+ componentName:
+ description: cluster component name.
+ type: string
+ opsDefinitionRef:
+ description: reference a opsDefinition
+ type: string
+ params:
+ additionalProperties:
+ type: string
+ description: the input for this operation declared in the opsDefinition.spec.parametersSchema.
+ type: object
+ required:
+ - componentName
+ - opsDefinitionRef
+ type: object
expose:
description: expose defines services the component needs to expose.
items:
@@ -578,6 +595,7 @@ spec:
- DataScript
- Backup
- Restore
+ - Custom
type: string
x-kubernetes-validations:
- message: forbidden to update spec.type
diff --git a/go.mod b/go.mod
index 55137d889cb4..0ef3a2aba52a 100644
--- a/go.mod
+++ b/go.mod
@@ -110,11 +110,13 @@ require (
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/Microsoft/hcsshim v0.11.0 // indirect
github.com/andybalholm/brotli v1.0.5 // indirect
+ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect
github.com/armon/go-metrics v0.4.1 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bhmj/xpression v0.9.1 // indirect
+ github.com/blang/semver/v4 v4.0.0 // indirect
github.com/bshuster-repo/logrus-logstash-hook v1.0.2 // indirect
github.com/bugsnag/bugsnag-go v2.1.2+incompatible // indirect
github.com/bugsnag/panicwrap v1.3.4 // indirect
@@ -162,6 +164,7 @@ require (
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/btree v1.1.2 // indirect
+ github.com/google/cel-go v0.16.0 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
@@ -258,6 +261,7 @@ require (
github.com/shopspring/decimal v1.3.1 // indirect
github.com/soheilhy/cmux v0.1.5 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
+ github.com/stoewer/go-strcase v1.2.0 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/tidwall/pretty v1.2.0 // indirect
github.com/tklauser/go-sysconf v0.3.11 // indirect
diff --git a/go.sum b/go.sum
index 28541991d3b4..3d84616b1fe4 100644
--- a/go.sum
+++ b/go.sum
@@ -151,6 +151,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=
github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18=
+github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
@@ -179,6 +181,8 @@ github.com/bhmj/jsonslice v1.1.2/go.mod h1:O3ZoA0zdEefdbk1dkU5aWPOA36zQhhS/HV6RQ
github.com/bhmj/xpression v0.9.1 h1:N7bX/nWx9oFi/zsiMTx2ehoRApTDAWdQadq/5o2wMGk=
github.com/bhmj/xpression v0.9.1/go.mod h1:j9oYmEXJjeL9mrgW1+ZDBKJXnbupsCPGhlO9J5YhS1Q=
github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
+github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
+github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
github.com/bshuster-repo/logrus-logstash-hook v1.0.2 h1:JYRWo+QGnQdedgshosug9hxpPYTB9oJ1ZZD3fY31alU=
github.com/bshuster-repo/logrus-logstash-hook v1.0.2/go.mod h1:HgYntJprnHSPaF9VPPPLP1L5S1vMWxRfa1J+vzDrDTw=
@@ -467,6 +471,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/cel-go v0.16.0 h1:DG9YQ8nFCFXAs/FDDwBxmL1tpKNrdlGUM9U3537bX/Y=
+github.com/google/cel-go v0.16.0/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -1004,6 +1010,8 @@ github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/y
github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc=
github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg=
+github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU=
+github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
diff --git a/pkg/client/clientset/versioned/typed/apps/v1alpha1/apps_client.go b/pkg/client/clientset/versioned/typed/apps/v1alpha1/apps_client.go
index 974433bf6498..4a12444367f0 100644
--- a/pkg/client/clientset/versioned/typed/apps/v1alpha1/apps_client.go
+++ b/pkg/client/clientset/versioned/typed/apps/v1alpha1/apps_client.go
@@ -37,6 +37,7 @@ type AppsV1alpha1Interface interface {
ComponentDefinitionsGetter
ComponentResourceConstraintsGetter
ConfigConstraintsGetter
+ OpsDefinitionsGetter
OpsRequestsGetter
ServiceDescriptorsGetter
}
@@ -82,6 +83,10 @@ func (c *AppsV1alpha1Client) ConfigConstraints() ConfigConstraintInterface {
return newConfigConstraints(c)
}
+func (c *AppsV1alpha1Client) OpsDefinitions() OpsDefinitionInterface {
+ return newOpsDefinitions(c)
+}
+
func (c *AppsV1alpha1Client) OpsRequests(namespace string) OpsRequestInterface {
return newOpsRequests(c, namespace)
}
diff --git a/pkg/client/clientset/versioned/typed/apps/v1alpha1/fake/fake_apps_client.go b/pkg/client/clientset/versioned/typed/apps/v1alpha1/fake/fake_apps_client.go
index 0c302d4091c1..c9607342c6af 100644
--- a/pkg/client/clientset/versioned/typed/apps/v1alpha1/fake/fake_apps_client.go
+++ b/pkg/client/clientset/versioned/typed/apps/v1alpha1/fake/fake_apps_client.go
@@ -64,6 +64,10 @@ func (c *FakeAppsV1alpha1) ConfigConstraints() v1alpha1.ConfigConstraintInterfac
return &FakeConfigConstraints{c}
}
+func (c *FakeAppsV1alpha1) OpsDefinitions() v1alpha1.OpsDefinitionInterface {
+ return &FakeOpsDefinitions{c}
+}
+
func (c *FakeAppsV1alpha1) OpsRequests(namespace string) v1alpha1.OpsRequestInterface {
return &FakeOpsRequests{c, namespace}
}
diff --git a/pkg/client/clientset/versioned/typed/apps/v1alpha1/fake/fake_opsdefinition.go b/pkg/client/clientset/versioned/typed/apps/v1alpha1/fake/fake_opsdefinition.go
new file mode 100644
index 000000000000..f2faeb34e07f
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/apps/v1alpha1/fake/fake_opsdefinition.go
@@ -0,0 +1,132 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+ "context"
+
+ v1alpha1 "github.com/apecloud/kubeblocks/apis/apps/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ labels "k8s.io/apimachinery/pkg/labels"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ testing "k8s.io/client-go/testing"
+)
+
+// FakeOpsDefinitions implements OpsDefinitionInterface
+type FakeOpsDefinitions struct {
+ Fake *FakeAppsV1alpha1
+}
+
+var opsdefinitionsResource = v1alpha1.SchemeGroupVersion.WithResource("opsdefinitions")
+
+var opsdefinitionsKind = v1alpha1.SchemeGroupVersion.WithKind("OpsDefinition")
+
+// Get takes name of the opsDefinition, and returns the corresponding opsDefinition object, and an error if there is any.
+func (c *FakeOpsDefinitions) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OpsDefinition, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootGetAction(opsdefinitionsResource, name), &v1alpha1.OpsDefinition{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.OpsDefinition), err
+}
+
+// List takes label and field selectors, and returns the list of OpsDefinitions that match those selectors.
+func (c *FakeOpsDefinitions) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OpsDefinitionList, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootListAction(opsdefinitionsResource, opsdefinitionsKind, opts), &v1alpha1.OpsDefinitionList{})
+ if obj == nil {
+ return nil, err
+ }
+
+ label, _, _ := testing.ExtractFromListOptions(opts)
+ if label == nil {
+ label = labels.Everything()
+ }
+ list := &v1alpha1.OpsDefinitionList{ListMeta: obj.(*v1alpha1.OpsDefinitionList).ListMeta}
+ for _, item := range obj.(*v1alpha1.OpsDefinitionList).Items {
+ if label.Matches(labels.Set(item.Labels)) {
+ list.Items = append(list.Items, item)
+ }
+ }
+ return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested opsDefinitions.
+func (c *FakeOpsDefinitions) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ return c.Fake.
+ InvokesWatch(testing.NewRootWatchAction(opsdefinitionsResource, opts))
+}
+
+// Create takes the representation of a opsDefinition and creates it. Returns the server's representation of the opsDefinition, and an error, if there is any.
+func (c *FakeOpsDefinitions) Create(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.CreateOptions) (result *v1alpha1.OpsDefinition, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootCreateAction(opsdefinitionsResource, opsDefinition), &v1alpha1.OpsDefinition{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.OpsDefinition), err
+}
+
+// Update takes the representation of a opsDefinition and updates it. Returns the server's representation of the opsDefinition, and an error, if there is any.
+func (c *FakeOpsDefinitions) Update(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.UpdateOptions) (result *v1alpha1.OpsDefinition, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateAction(opsdefinitionsResource, opsDefinition), &v1alpha1.OpsDefinition{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.OpsDefinition), err
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *FakeOpsDefinitions) UpdateStatus(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.UpdateOptions) (*v1alpha1.OpsDefinition, error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootUpdateSubresourceAction(opsdefinitionsResource, "status", opsDefinition), &v1alpha1.OpsDefinition{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.OpsDefinition), err
+}
+
+// Delete takes name of the opsDefinition and deletes it. Returns an error if one occurs.
+func (c *FakeOpsDefinitions) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ _, err := c.Fake.
+ Invokes(testing.NewRootDeleteActionWithOptions(opsdefinitionsResource, name, opts), &v1alpha1.OpsDefinition{})
+ return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeOpsDefinitions) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ action := testing.NewRootDeleteCollectionAction(opsdefinitionsResource, listOpts)
+
+ _, err := c.Fake.Invokes(action, &v1alpha1.OpsDefinitionList{})
+ return err
+}
+
+// Patch applies the patch and returns the patched opsDefinition.
+func (c *FakeOpsDefinitions) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OpsDefinition, err error) {
+ obj, err := c.Fake.
+ Invokes(testing.NewRootPatchSubresourceAction(opsdefinitionsResource, name, pt, data, subresources...), &v1alpha1.OpsDefinition{})
+ if obj == nil {
+ return nil, err
+ }
+ return obj.(*v1alpha1.OpsDefinition), err
+}
diff --git a/pkg/client/clientset/versioned/typed/apps/v1alpha1/generated_expansion.go b/pkg/client/clientset/versioned/typed/apps/v1alpha1/generated_expansion.go
index 4033adce777a..eb5aee12bc33 100644
--- a/pkg/client/clientset/versioned/typed/apps/v1alpha1/generated_expansion.go
+++ b/pkg/client/clientset/versioned/typed/apps/v1alpha1/generated_expansion.go
@@ -36,6 +36,8 @@ type ComponentResourceConstraintExpansion interface{}
type ConfigConstraintExpansion interface{}
+type OpsDefinitionExpansion interface{}
+
type OpsRequestExpansion interface{}
type ServiceDescriptorExpansion interface{}
diff --git a/pkg/client/clientset/versioned/typed/apps/v1alpha1/opsdefinition.go b/pkg/client/clientset/versioned/typed/apps/v1alpha1/opsdefinition.go
new file mode 100644
index 000000000000..b8e394202e9d
--- /dev/null
+++ b/pkg/client/clientset/versioned/typed/apps/v1alpha1/opsdefinition.go
@@ -0,0 +1,184 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ "time"
+
+ v1alpha1 "github.com/apecloud/kubeblocks/apis/apps/v1alpha1"
+ scheme "github.com/apecloud/kubeblocks/pkg/client/clientset/versioned/scheme"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ types "k8s.io/apimachinery/pkg/types"
+ watch "k8s.io/apimachinery/pkg/watch"
+ rest "k8s.io/client-go/rest"
+)
+
+// OpsDefinitionsGetter has a method to return a OpsDefinitionInterface.
+// A group's client should implement this interface.
+type OpsDefinitionsGetter interface {
+ OpsDefinitions() OpsDefinitionInterface
+}
+
+// OpsDefinitionInterface has methods to work with OpsDefinition resources.
+type OpsDefinitionInterface interface {
+ Create(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.CreateOptions) (*v1alpha1.OpsDefinition, error)
+ Update(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.UpdateOptions) (*v1alpha1.OpsDefinition, error)
+ UpdateStatus(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.UpdateOptions) (*v1alpha1.OpsDefinition, error)
+ Delete(ctx context.Context, name string, opts v1.DeleteOptions) error
+ DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error
+ Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.OpsDefinition, error)
+ List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.OpsDefinitionList, error)
+ Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error)
+ Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OpsDefinition, err error)
+ OpsDefinitionExpansion
+}
+
+// opsDefinitions implements OpsDefinitionInterface
+type opsDefinitions struct {
+ client rest.Interface
+}
+
+// newOpsDefinitions returns a OpsDefinitions
+func newOpsDefinitions(c *AppsV1alpha1Client) *opsDefinitions {
+ return &opsDefinitions{
+ client: c.RESTClient(),
+ }
+}
+
+// Get takes name of the opsDefinition, and returns the corresponding opsDefinition object, and an error if there is any.
+func (c *opsDefinitions) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.OpsDefinition, err error) {
+ result = &v1alpha1.OpsDefinition{}
+ err = c.client.Get().
+ Resource("opsdefinitions").
+ Name(name).
+ VersionedParams(&options, scheme.ParameterCodec).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// List takes label and field selectors, and returns the list of OpsDefinitions that match those selectors.
+func (c *opsDefinitions) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.OpsDefinitionList, err error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ result = &v1alpha1.OpsDefinitionList{}
+ err = c.client.Get().
+ Resource("opsdefinitions").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Watch returns a watch.Interface that watches the requested opsDefinitions.
+func (c *opsDefinitions) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) {
+ var timeout time.Duration
+ if opts.TimeoutSeconds != nil {
+ timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+ }
+ opts.Watch = true
+ return c.client.Get().
+ Resource("opsdefinitions").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Watch(ctx)
+}
+
+// Create takes the representation of a opsDefinition and creates it. Returns the server's representation of the opsDefinition, and an error, if there is any.
+func (c *opsDefinitions) Create(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.CreateOptions) (result *v1alpha1.OpsDefinition, err error) {
+ result = &v1alpha1.OpsDefinition{}
+ err = c.client.Post().
+ Resource("opsdefinitions").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(opsDefinition).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Update takes the representation of a opsDefinition and updates it. Returns the server's representation of the opsDefinition, and an error, if there is any.
+func (c *opsDefinitions) Update(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.UpdateOptions) (result *v1alpha1.OpsDefinition, err error) {
+ result = &v1alpha1.OpsDefinition{}
+ err = c.client.Put().
+ Resource("opsdefinitions").
+ Name(opsDefinition.Name).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(opsDefinition).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// UpdateStatus was generated because the type contains a Status member.
+// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus().
+func (c *opsDefinitions) UpdateStatus(ctx context.Context, opsDefinition *v1alpha1.OpsDefinition, opts v1.UpdateOptions) (result *v1alpha1.OpsDefinition, err error) {
+ result = &v1alpha1.OpsDefinition{}
+ err = c.client.Put().
+ Resource("opsdefinitions").
+ Name(opsDefinition.Name).
+ SubResource("status").
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(opsDefinition).
+ Do(ctx).
+ Into(result)
+ return
+}
+
+// Delete takes name of the opsDefinition and deletes it. Returns an error if one occurs.
+func (c *opsDefinitions) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error {
+ return c.client.Delete().
+ Resource("opsdefinitions").
+ Name(name).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *opsDefinitions) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error {
+ var timeout time.Duration
+ if listOpts.TimeoutSeconds != nil {
+ timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+ }
+ return c.client.Delete().
+ Resource("opsdefinitions").
+ VersionedParams(&listOpts, scheme.ParameterCodec).
+ Timeout(timeout).
+ Body(&opts).
+ Do(ctx).
+ Error()
+}
+
+// Patch applies the patch and returns the patched opsDefinition.
+func (c *opsDefinitions) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.OpsDefinition, err error) {
+ result = &v1alpha1.OpsDefinition{}
+ err = c.client.Patch(pt).
+ Resource("opsdefinitions").
+ Name(name).
+ SubResource(subresources...).
+ VersionedParams(&opts, scheme.ParameterCodec).
+ Body(data).
+ Do(ctx).
+ Into(result)
+ return
+}
diff --git a/pkg/client/informers/externalversions/apps/v1alpha1/interface.go b/pkg/client/informers/externalversions/apps/v1alpha1/interface.go
index cc619afb585e..3e15cce4a4e6 100644
--- a/pkg/client/informers/externalversions/apps/v1alpha1/interface.go
+++ b/pkg/client/informers/externalversions/apps/v1alpha1/interface.go
@@ -42,6 +42,8 @@ type Interface interface {
ComponentResourceConstraints() ComponentResourceConstraintInformer
// ConfigConstraints returns a ConfigConstraintInformer.
ConfigConstraints() ConfigConstraintInformer
+ // OpsDefinitions returns a OpsDefinitionInformer.
+ OpsDefinitions() OpsDefinitionInformer
// OpsRequests returns a OpsRequestInformer.
OpsRequests() OpsRequestInformer
// ServiceDescriptors returns a ServiceDescriptorInformer.
@@ -104,6 +106,11 @@ func (v *version) ConfigConstraints() ConfigConstraintInformer {
return &configConstraintInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
}
+// OpsDefinitions returns a OpsDefinitionInformer.
+func (v *version) OpsDefinitions() OpsDefinitionInformer {
+ return &opsDefinitionInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
// OpsRequests returns a OpsRequestInformer.
func (v *version) OpsRequests() OpsRequestInformer {
return &opsRequestInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
diff --git a/pkg/client/informers/externalversions/apps/v1alpha1/opsdefinition.go b/pkg/client/informers/externalversions/apps/v1alpha1/opsdefinition.go
new file mode 100644
index 000000000000..8f69eb3e293e
--- /dev/null
+++ b/pkg/client/informers/externalversions/apps/v1alpha1/opsdefinition.go
@@ -0,0 +1,89 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ "context"
+ time "time"
+
+ appsv1alpha1 "github.com/apecloud/kubeblocks/apis/apps/v1alpha1"
+ versioned "github.com/apecloud/kubeblocks/pkg/client/clientset/versioned"
+ internalinterfaces "github.com/apecloud/kubeblocks/pkg/client/informers/externalversions/internalinterfaces"
+ v1alpha1 "github.com/apecloud/kubeblocks/pkg/client/listers/apps/v1alpha1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ runtime "k8s.io/apimachinery/pkg/runtime"
+ watch "k8s.io/apimachinery/pkg/watch"
+ cache "k8s.io/client-go/tools/cache"
+)
+
+// OpsDefinitionInformer provides access to a shared informer and lister for
+// OpsDefinitions.
+type OpsDefinitionInformer interface {
+ Informer() cache.SharedIndexInformer
+ Lister() v1alpha1.OpsDefinitionLister
+}
+
+type opsDefinitionInformer struct {
+ factory internalinterfaces.SharedInformerFactory
+ tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewOpsDefinitionInformer constructs a new informer for OpsDefinition type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewOpsDefinitionInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+ return NewFilteredOpsDefinitionInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredOpsDefinitionInformer constructs a new informer for OpsDefinition type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredOpsDefinitionInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+ return cache.NewSharedIndexInformer(
+ &cache.ListWatch{
+ ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.AppsV1alpha1().OpsDefinitions().List(context.TODO(), options)
+ },
+ WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+ if tweakListOptions != nil {
+ tweakListOptions(&options)
+ }
+ return client.AppsV1alpha1().OpsDefinitions().Watch(context.TODO(), options)
+ },
+ },
+ &appsv1alpha1.OpsDefinition{},
+ resyncPeriod,
+ indexers,
+ )
+}
+
+func (f *opsDefinitionInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+ return NewFilteredOpsDefinitionInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *opsDefinitionInformer) Informer() cache.SharedIndexInformer {
+ return f.factory.InformerFor(&appsv1alpha1.OpsDefinition{}, f.defaultInformer)
+}
+
+func (f *opsDefinitionInformer) Lister() v1alpha1.OpsDefinitionLister {
+ return v1alpha1.NewOpsDefinitionLister(f.Informer().GetIndexer())
+}
diff --git a/pkg/client/informers/externalversions/generic.go b/pkg/client/informers/externalversions/generic.go
index c79ec0180236..3e2975798662 100644
--- a/pkg/client/informers/externalversions/generic.go
+++ b/pkg/client/informers/externalversions/generic.go
@@ -75,6 +75,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1alpha1().ComponentResourceConstraints().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("configconstraints"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1alpha1().ConfigConstraints().Informer()}, nil
+ case v1alpha1.SchemeGroupVersion.WithResource("opsdefinitions"):
+ return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1alpha1().OpsDefinitions().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("opsrequests"):
return &genericInformer{resource: resource.GroupResource(), informer: f.Apps().V1alpha1().OpsRequests().Informer()}, nil
case v1alpha1.SchemeGroupVersion.WithResource("servicedescriptors"):
diff --git a/pkg/client/listers/apps/v1alpha1/expansion_generated.go b/pkg/client/listers/apps/v1alpha1/expansion_generated.go
index 7befed7fe658..d3a86f1a59e8 100644
--- a/pkg/client/listers/apps/v1alpha1/expansion_generated.go
+++ b/pkg/client/listers/apps/v1alpha1/expansion_generated.go
@@ -62,6 +62,10 @@ type ComponentResourceConstraintListerExpansion interface{}
// ConfigConstraintLister.
type ConfigConstraintListerExpansion interface{}
+// OpsDefinitionListerExpansion allows custom methods to be added to
+// OpsDefinitionLister.
+type OpsDefinitionListerExpansion interface{}
+
// OpsRequestListerExpansion allows custom methods to be added to
// OpsRequestLister.
type OpsRequestListerExpansion interface{}
diff --git a/pkg/client/listers/apps/v1alpha1/opsdefinition.go b/pkg/client/listers/apps/v1alpha1/opsdefinition.go
new file mode 100644
index 000000000000..09b0be400fb2
--- /dev/null
+++ b/pkg/client/listers/apps/v1alpha1/opsdefinition.go
@@ -0,0 +1,68 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1alpha1
+
+import (
+ v1alpha1 "github.com/apecloud/kubeblocks/apis/apps/v1alpha1"
+ "k8s.io/apimachinery/pkg/api/errors"
+ "k8s.io/apimachinery/pkg/labels"
+ "k8s.io/client-go/tools/cache"
+)
+
+// OpsDefinitionLister helps list OpsDefinitions.
+// All objects returned here must be treated as read-only.
+type OpsDefinitionLister interface {
+ // List lists all OpsDefinitions in the indexer.
+ // Objects returned here must be treated as read-only.
+ List(selector labels.Selector) (ret []*v1alpha1.OpsDefinition, err error)
+ // Get retrieves the OpsDefinition from the index for a given name.
+ // Objects returned here must be treated as read-only.
+ Get(name string) (*v1alpha1.OpsDefinition, error)
+ OpsDefinitionListerExpansion
+}
+
+// opsDefinitionLister implements the OpsDefinitionLister interface.
+type opsDefinitionLister struct {
+ indexer cache.Indexer
+}
+
+// NewOpsDefinitionLister returns a new OpsDefinitionLister.
+func NewOpsDefinitionLister(indexer cache.Indexer) OpsDefinitionLister {
+ return &opsDefinitionLister{indexer: indexer}
+}
+
+// List lists all OpsDefinitions in the indexer.
+func (s *opsDefinitionLister) List(selector labels.Selector) (ret []*v1alpha1.OpsDefinition, err error) {
+ err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+ ret = append(ret, m.(*v1alpha1.OpsDefinition))
+ })
+ return ret, err
+}
+
+// Get retrieves the OpsDefinition from the index for a given name.
+func (s *opsDefinitionLister) Get(name string) (*v1alpha1.OpsDefinition, error) {
+ obj, exists, err := s.indexer.GetByKey(name)
+ if err != nil {
+ return nil, err
+ }
+ if !exists {
+ return nil, errors.NewNotFound(v1alpha1.Resource("opsdefinition"), name)
+ }
+ return obj.(*v1alpha1.OpsDefinition), nil
+}
diff --git a/pkg/common/openapiv3schema.go b/pkg/common/openapiv3schema.go
new file mode 100644
index 000000000000..63dd22faf624
--- /dev/null
+++ b/pkg/common/openapiv3schema.go
@@ -0,0 +1,48 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+This file is part of KubeBlocks project
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+
+package common
+
+import (
+ "fmt"
+
+ "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+ "k8s.io/apiextensions-apiserver/pkg/apiserver/validation"
+ "k8s.io/kube-openapi/pkg/validation/spec"
+ "k8s.io/kube-openapi/pkg/validation/strfmt"
+ "k8s.io/kube-openapi/pkg/validation/validate"
+)
+
+// ValidateDataWithSchema validates if the data is valid with the jsonSchema.
+func ValidateDataWithSchema(openAPIV3Schema *apiextensions.JSONSchemaProps, data interface{}) error {
+ if openAPIV3Schema == nil {
+ return fmt.Errorf("openAPIV3Schema can not be empty")
+ }
+ openapiSchema := &spec.Schema{}
+ if err := validation.ConvertJSONSchemaPropsWithPostProcess(openAPIV3Schema, openapiSchema, validation.StripUnsupportedFormatsPostProcess); err != nil {
+ return err
+ }
+ validator := validate.NewSchemaValidator(openapiSchema, nil, "", strfmt.Default)
+ res := validator.Validate(data)
+ if !res.IsValid() && res.HasErrors() {
+ // throw a head error
+ return res.Errors[0]
+ }
+ return nil
+}
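Review bot: `ValidateDataWithSchema` returns only `res.Errors[0]`, so a caller that fixes one violation learns about the next only on resubmission, and logs never show the full set of rejected fields. Consider returning every error, e.g. `return errors.Join(res.Errors...)` if the module's Go version allows it. The guard `!res.IsValid() && res.HasErrors()` appears to test the same condition twice; `if res.HasErrors()` should be enough. Since the conversion passes `validation.StripUnsupportedFormatsPostProcess`, the doc comment should also say that unsupported `format` keywords are dropped before validation, so callers do not treat them as enforced, and that `data` is expected to be decoded JSON (presumably `map[string]interface{}`; worth confirming).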
diff --git a/pkg/common/utils.go b/pkg/common/utils.go
new file mode 100644
index 000000000000..dc8a829a4f4c
--- /dev/null
+++ b/pkg/common/utils.go
@@ -0,0 +1,41 @@
+/*
+Copyright (C) 2022-2023 ApeCloud Co., Ltd
+
+This file is part of KubeBlocks project
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as published by
+the Free Software Foundation, either version 3 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+
+package common
+
+import (
+ "strings"
+
+ "golang.org/x/text/cases"
+ "golang.org/x/text/language"
+)
+
+// ToCamelCase transforms k8s resource Name with camel case, for examples:
+// - make-food to MakeFood
+// - make.food to MakeFood
+func ToCamelCase(input string) string {
+ words := strings.FieldsFunc(input, func(r rune) bool {
+ return r == '.' || r == '-'
+ })
+ titleCase := cases.Title(language.English)
+ for i, word := range words {
+ words[i] = titleCase.String(word)
+ }
+ return strings.Join(words, "")
+}
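Review bot: The doc comment on `ToCamelCase` does not mention that `cases.Title(language.English)` lowercases the non-leading letters of each word, so an input such as `my-DB` comes out as `MyDb`, not `MyDB`. If that is intended, add it to the example list, e.g. `// - my-DB to MyDb`. If the original casing should survive, build the caser with `cases.Title(language.English, cases.NoLower)`. The summary line would also read better as `// ToCamelCase converts a k8s resource name to camel case, for example:`.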
diff --git a/pkg/controller/component/synthesize_component.go b/pkg/controller/component/synthesize_component.go
index 772509091197..a221e6c992d1 100644
--- a/pkg/controller/component/synthesize_component.go
+++ b/pkg/controller/component/synthesize_component.go
@@ -212,6 +212,7 @@ func buildSynthesizedComponent(reqCtx intctrlutil.RequestCtx,
// replace podSpec containers env component connection credential placeholder
// TODO(xingran): This is a temporary solution used to reference component connection credentials defined in ComponentDefinition. it will be refactored in the future.
+ // TODO: replace the all placeholder for the secret name.
replaceContainerPlaceholderTokens(synthesizeComp, GetEnvReplacementMapForCompConnCredential(synthesizeComp.ClusterName, synthesizeComp.Name))
return synthesizeComp, nil
@@ -470,6 +471,7 @@ func doContainerAttrOverride(compContainer *corev1.Container, container corev1.C
}
// GetEnvReplacementMapForConnCredential gets the replacement map for connect credential
+// Deprecated: will be removed in version 0.9
func GetEnvReplacementMapForConnCredential(clusterName string) map[string]string {
return map[string]string{
constant.KBConnCredentialPlaceHolder: constant.GenerateDefaultConnCredential(clusterName),
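Review bot: The added `// Deprecated:` line is in the same comment paragraph as the summary sentence, and Go tooling (gopls, staticcheck) only recognises a deprecation notice when `Deprecated:` begins its own paragraph. Insert an empty `//` line before it and name the replacement, e.g. `// Deprecated: use GetEnvReplacementMapForCompConnCredential; will be removed in version 0.9.`, assuming that is the intended successor. The function body continues outside this hunk.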
@@ -480,6 +482,9 @@ func GetEnvReplacementMapForConnCredential(clusterName string) map[string]string
func GetEnvReplacementMapForCompConnCredential(clusterName, componentName string) map[string]string {
return map[string]string{
constant.KBComponentConnCredentialPlaceHolder: constant.GenerateClusterComponentName(clusterName, componentName),
+ constant.KBCompNamePlaceHolder: componentName,
+ constant.KBClusterNamePlaceHolder: clusterName,
+ constant.KBClusterCompNamePlaceHolder: constant.GenerateClusterComponentName(clusterName, componentName),
}
}
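Review bot: `constant.GenerateClusterComponentName(clusterName, componentName)` is now evaluated twice in this literal, once for `KBComponentConnCredentialPlaceHolder` and once for `KBClusterCompNamePlaceHolder`. Compute it once, `clusterCompName := constant.GenerateClusterComponentName(clusterName, componentName)`, and use the local for both keys so the two values cannot drift apart. The map now holds cluster and component name placeholders as well as the credential one, so the function's doc comment (not visible in this hunk) should list all four keys.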
diff --git a/pkg/controller/factory/builder.go b/pkg/controller/factory/builder.go
index 0f83fa80d9c1..361081331b09 100644
--- a/pkg/controller/factory/builder.go
+++ b/pkg/controller/factory/builder.go
@@ -503,30 +503,11 @@ func BuildConnCredential(clusterDefinition *appsv1alpha1.ClusterDefinition, clus
}
// TODO: do JIT value generation for lower CPU resources
- // 1st pass replace variables
- uuidVal := uuid.New()
- uuidBytes := uuidVal[:]
- uuidStr := uuidVal.String()
- uuidB64 := base64.RawStdEncoding.EncodeToString(uuidBytes)
- uuidStrB64 := base64.RawStdEncoding.EncodeToString([]byte(strings.ReplaceAll(uuidStr, "-", "")))
- uuidHex := hex.EncodeToString(uuidBytes)
- randomPassword := randomString(8)
- restorePassword := getRestorePassword()
- // check if a connection password is specified during recovery.
- // if exists, replace the random password
- if restorePassword != "" {
- randomPassword = restorePassword
- }
- m := map[string]string{
- "$(RANDOM_PASSWD)": randomPassword,
- "$(UUID)": uuidStr,
- "$(UUID_B64)": uuidB64,
- "$(UUID_STR_B64)": uuidStrB64,
- "$(UUID_HEX)": uuidHex,
- "$(SVC_FQDN)": constant.GenerateDefaultComponentServiceName(cluster.Name, component.Name),
- "$(KB_CLUSTER_COMP_NAME)": constant.GenerateClusterComponentName(cluster.Name, component.Name),
- "$(HEADLESS_SVC_FQDN)": constant.GenerateDefaultComponentHeadlessServiceName(cluster.Name, component.Name),
- }
+ restoredPassword := getRestorePassword()
+ m := BuildBuiltInObjsMapForSecret(true, restoredPassword)
+ m["$(SVC_FQDN)"] = constant.GenerateDefaultComponentServiceName(cluster.Name, component.Name)
+ m["$(KB_CLUSTER_COMP_NAME)"] = constant.GenerateClusterComponentName(cluster.Name, component.Name)
+ m["$(HEADLESS_SVC_FQDN)"] = constant.GenerateDefaultComponentHeadlessServiceName(cluster.Name, component.Name)
if len(component.Services) > 0 {
for _, p := range component.Services[0].Spec.Ports {
m[fmt.Sprintf("$(SVC_PORT_%s)", p.Name)] = strconv.Itoa(int(p.Port))
@@ -543,6 +524,29 @@ func BuildConnCredential(clusterDefinition *appsv1alpha1.ClusterDefinition, clus
return connCredential
}
+func BuildBuiltInObjsMapForSecret(initAccount bool, restoredPassword string) map[string]string {
+ // 1st pass replace variables
+ uuidVal := uuid.New()
+ uuidBytes := uuidVal[:]
+ uuidStr := uuidVal.String()
+ uuidB64 := base64.RawStdEncoding.EncodeToString(uuidBytes)
+ uuidStrB64 := base64.RawStdEncoding.EncodeToString([]byte(strings.ReplaceAll(uuidStr, "-", "")))
+ uuidHex := hex.EncodeToString(uuidBytes)
+ randomPassword := randomString(8)
+ // check if a connection password is specified during recovery.
+ // if exists, replace the random password
+ if initAccount && restoredPassword != "" {
+ randomPassword = restoredPassword
+ }
+ return map[string]string{
+ "$(RANDOM_PASSWD)": randomPassword,
+ "$(UUID)": uuidStr,
+ "$(UUID_B64)": uuidB64,
+ "$(UUID_STR_B64)": uuidStrB64,
+ "$(UUID_HEX)": uuidHex,
+ }
+}
+
func BuildConnCredential4Cluster(cluster *appsv1alpha1.Cluster, name string, data map[string][]byte) *corev1.Secret {
secretName := constant.GenerateClusterConnCredential(cluster.Name, name)
labels := constant.GetClusterWellKnownLabels(cluster.Name)
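Review bot: `$(RANDOM_PASSWD)` is still produced by `randomString(8)` with the length hard-coded, and `BuildBuiltInObjsMapForSecret` is now exported so the same value can be rendered into other secrets. `randomString` is not defined in this hunk; confirm that it draws from `crypto/rand`, since a `math/rand` source would make generated passwords predictable. Moving the length into a named constant would let it be raised in one place. The exported function also needs a doc comment, e.g. `// BuildBuiltInObjsMapForSecret returns the built-in secret placeholders; restoredPassword replaces the random password only when initAccount is true.` The carried-over `// 1st pass replace variables` comment no longer describes anything in this function and can be dropped.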