diff --git a/api/k0smotron.io/v1beta1/k0smotroncluster_types.go b/api/k0smotron.io/v1beta1/k0smotroncluster_types.go
index eb5e6645a..df767d695 100644
--- a/api/k0smotron.io/v1beta1/k0smotroncluster_types.go
+++ b/api/k0smotron.io/v1beta1/k0smotroncluster_types.go
@@ -84,6 +84,13 @@ type ClusterSpec struct {
 // https://kubernetes.io/docs/concepts/storage/volumes
 //+kubebuilder:validation:Optional
 Manifests []v1.Volume `json:"manifests,omitempty"`
+ // Mounts allows to specify list of volumes with any files to be
+ // mounted in the controlplane pod. K0smotron allows any kind of volume, but the
+ // recommendation is to use secrets and configmaps.
+ // For more information check:
+ // https://kubernetes.io/docs/concepts/storage/volumes
+ //+kubebuilder:validation:Optional
+ Mounts []Mount `json:"mounts,omitempty"`
 // ControlPlaneFlags allows to configure additional flags for k0s
 // control plane and to override existing ones. The default flags are
 // kept unless they are overriden explicitly. Flags with arguments must
@@ -101,6 +108,11 @@ type ClusterSpec struct {
 Resources v1.ResourceRequirements `json:"resources,omitempty"`
 }
 
+type Mount struct {
+ Path string `json:"path"`
+ v1.VolumeSource `json:",inline"`
+}
+
 const (
 defaultK0SImage = "k0sproject/k0s"
 defaultK0SVersion = "v1.27.9-k0s.0"
diff --git a/api/k0smotron.io/v1beta1/zz_generated.deepcopy.go b/api/k0smotron.io/v1beta1/zz_generated.deepcopy.go index 1871df5fe..4668c877f 100644 --- a/api/k0smotron.io/v1beta1/zz_generated.deepcopy.go +++ b/api/k0smotron.io/v1beta1/zz_generated.deepcopy.go @@ -135,6 +135,13 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.Mounts != nil { + in, out := &in.Mounts, &out.Mounts + *out = make([]Mount, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.ControlPlaneFlags != nil { in, out := &in.ControlPlaneFlags, &out.ControlPlaneFlags *out = make([]string, len(*in))
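Review bot: The new `Mounts` field takes the whole `v1.VolumeSource` (via `Mount`), so the schema accepts `hostPath`, `flexVolume`, `gitRepo` and the other node-attached sources that appear in the regenerated CRD, while the comment only recommends secrets and configmaps and nothing enforces that. If the controller copies these sources into the controlplane pod as-is (that code is not in this hunk), write access to the Cluster object becomes the ability to have the operator mount node paths into that pod, so the boundary would rest entirely on admission policy in the target namespace. Consider narrowing the accepted sources, or at least state it in the field comment, e.g. `// Volume sources are not restricted: hostPath and other node-level sources are accepted, so limit write access to this field and enforce Pod Security on the namespace.` `ClusterSpec` begins and ends outside the hunk.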
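Review bot: `Mount` and `Path` are new exported API with no doc comment and no validation markers, so the generated schema accepts an empty or relative `path`, and because every member of the inlined `v1.VolumeSource` is optional it also accepts a mount with no source or with several. Such objects would presumably fail only later, when the pod is built, which is harder to diagnose than a rejected apply. Add a type comment such as `// Mount is a volume source plus the absolute path in the controlplane pod where it is mounted.` and constrain the field with `//+kubebuilder:validation:MinLength=1` and `//+kubebuilder:validation:Pattern="^/"`. Whether paths that overlap directories k0s itself uses should be rejected depends on controller code outside this diff.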
@@ -312,6 +319,22 @@ func (in *MonitoringSpec) DeepCopy() *MonitoringSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Mount) DeepCopyInto(out *Mount) { + *out = *in + in.VolumeSource.DeepCopyInto(&out.VolumeSource) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Mount. +func (in *Mount) DeepCopy() *Mount { + if in == nil { + return nil + } + out := new(Mount) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ObjectMeta) DeepCopyInto(out *ObjectMeta) { *out = *in diff --git a/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml b/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml index 0775bc436..3ca84c0ce 100644 --- a/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml +++ b/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml 
@@ -1786,6 +1786,1625 @@ spec: - prometheusImage - proxyImage type: object + mounts: + description: |- + Mounts allows to specify list of volumes with any files to be + mounted in the controlplane pod. K0smotron allows any kind of volume, but the + recommendation is to use secrets and configmaps. + For more information check: + https://kubernetes.io/docs/concepts/storage/volumes + items: + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + path: + type: string + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - path + type: object + type: array persistence: description: |- Persistence defines the persistence configuration. If empty k0smotron diff --git a/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml b/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml index 3c10cf303..1511d176a 100644 --- a/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml +++ b/config/clusterapi/controlplane/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml 
@@ -1824,6 +1824,1641 @@ spec: - prometheusImage - proxyImage type: object + mounts: + description: |- + Mounts allows to specify list of volumes with any files to be + mounted in the controlplane pod. K0smotron allows any kind of volume, but the + recommendation is to use secrets and configmaps. + For more information check: + https://kubernetes.io/docs/concepts/storage/volumes + items: + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + path: + type: string + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - path + type: object + type: array persistence: description: |- Persistence defines the persistence configuration. If empty k0smotron diff --git a/config/clusterapi/k0smotron.io/bases/k0smotron.io_clusters.yaml b/config/clusterapi/k0smotron.io/bases/k0smotron.io_clusters.yaml index d50f4ef36..4daa534eb 100644 --- a/config/clusterapi/k0smotron.io/bases/k0smotron.io_clusters.yaml +++ b/config/clusterapi/k0smotron.io/bases/k0smotron.io_clusters.yaml 
@@ -1789,6 +1789,1625 @@ spec: - prometheusImage - proxyImage type: object + mounts: + description: |- + Mounts allows to specify list of volumes with any files to be + mounted in the controlplane pod. K0smotron allows any kind of volume, but the + recommendation is to use secrets and configmaps. + For more information check: + https://kubernetes.io/docs/concepts/storage/volumes + items: + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + path: + type: string + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - path + type: object + type: array persistence: description: |- Persistence defines the persistence configuration. If empty k0smotron diff --git a/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml b/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml index 0775bc436..3ca84c0ce 100644 --- a/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml +++ b/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanes.yaml 
@@ -1786,6 +1786,1625 @@ spec: - prometheusImage - proxyImage type: object + mounts: + description: |- + Mounts allows to specify list of volumes with any files to be + mounted in the controlplane pod. K0smotron allows any kind of volume, but the + recommendation is to use secrets and configmaps. + For more information check: + https://kubernetes.io/docs/concepts/storage/volumes + items: + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + path: + type: string + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - path + type: object + type: array persistence: description: |- Persistence defines the persistence configuration. If empty k0smotron diff --git a/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml b/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml index 3c10cf303..1511d176a 100644 --- a/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml +++ b/config/crd/bases/controlplane.cluster.x-k8s.io_k0smotroncontrolplanetemplates.yaml 
@@ -1824,6 +1824,1641 @@ spec: - prometheusImage - proxyImage type: object + mounts: + description: |- + Mounts allows to specify list of volumes with any files to be + mounted in the controlplane pod. K0smotron allows any kind of volume, but the + recommendation is to use secrets and configmaps. + For more information check: + https://kubernetes.io/docs/concepts/storage/volumes + items: + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk + mount on the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: + None, Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk + in the blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in + the blob storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single + blob disk per storage account Managed: azure + managed data disk (only in managed availability + set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service + mount on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that + contains Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the + host that shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted + root, rather than the full Ceph tree, default + is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should + populate this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents + ephemeral storage that is handled by certain external + CSI drivers (Beta feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about + the pod that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing the + pod field + properties: + fieldRef: + description: 'Required: Selects a field of + the pod: only annotations, labels, name + and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, defaults + to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' path. + Must be utf-8 encoded. The first item of + the relative path must not start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource + being referenced + type: string + name: + description: Name is the name of resource + being referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references + one entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over + volumes to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource + that is attached to a kubelet's host machine and then + exposed to the pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to + use for this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds + extra command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached + to a kubelet's host machine. This depends on the Flocker + control service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. + This is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the + specified revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support + iSCSI Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support + iSCSI Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI + target and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + path: + type: string + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon + Controller persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources + secrets, configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected + along with other supported volume types + properties: + configMap: + description: configMap information about the + configMap data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether + the ConfigMap or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about + the downwardAPI data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects + a field of the pod: only annotations, + labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the + relative path name of the file + to be created. Must not be absolute + or contain the ''..'' path. Must + be utf-8 encoded. The first item + of the relative path must not + start with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the + secret data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a + path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether + the Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information + about the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the + host that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references + an already created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent + volume attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the + ScaleIO API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the + ScaleIO Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL + communication with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. + type: string + system: + description: system is the name of the storage system + as configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the + Secret or its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume + attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy + Based Management (SPBM) profile ID associated + with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy + Based Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies + vSphere volume vmdk + type: string + required: + - volumePath + type: object + required: + - path + type: object + type: array persistence: description: |- Persistence defines the persistence configuration. If empty k0smotron diff --git a/config/crd/bases/k0smotron.io_clusters.yaml b/config/crd/bases/k0smotron.io_clusters.yaml index d50f4ef36..4daa534eb 100644 --- a/config/crd/bases/k0smotron.io_clusters.yaml +++ b/config/crd/bases/k0smotron.io_clusters.yaml 
@@ -1789,6 +1789,1625 @@ spec: - prometheusImage - proxyImage type: object + mounts: + description: |- + Mounts allows to specify list of volumes with any files to be + mounted in the controlplane pod. K0smotron allows any kind of volume, but the + recommendation is to use secrets and configmaps. + For more information check: + https://kubernetes.io/docs/concepts/storage/volumes + items: + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk represents an Azure Data Disk mount on + the host and bind mount to the pod. + properties: + cachingMode: + description: 'cachingMode is the Host Caching mode: None, + Read Only, Read Write.' + type: string + diskName: + description: diskName is the Name of the data disk in the + blob storage + type: string + diskURI: + description: diskURI is the URI of data disk in the blob + storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: 'kind expected values are Shared: multiple + blob disks per storage account Dedicated: single blob + disk per storage account Managed: azure managed data + disk (only in managed availability set). defaults to shared' + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile represents an Azure File Service mount + on the host and bind mount to the pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName is the name of secret that contains + Azure Storage Account Name and Key + type: string + shareName: + description: shareName is the azure share Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS represents a Ceph FS mount on the host that + shares a pod's lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + path: + description: 'path is Optional: Used as the mounted root, + rather than the full Ceph tree, default is /' + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap represents a configMap that should populate + this volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap or its + keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi (Container Storage Interface) represents ephemeral + storage that is handled by certain external CSI drivers (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. + type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. 
+ type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI represents downward API about the pod + that should populate this volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items is a list of downward API volume file + items: + description: DownwardAPIVolumeFile represents information + to create the file containing the pod field + properties: + fieldRef: + description: 'Required: Selects a field of the pod: + only annotations, labels, name and namespace are + supported.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + path: + description: 'Required: Path is the relative path + name of the file to be created. Must not be absolute + or contain the ''..'' path. Must be utf-8 encoded. + The first item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. 
+ The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. 
Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. 
For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. + (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
+ type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim references one + entry in PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector is a label query over volumes + to consider for binding. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. 
+ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName is the binding reference + to the PersistentVolume backing this claim. + type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc represents a Fibre Channel resource that is + attached to a kubelet's host machine and then exposed to the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: 'lun is Optional: FC target lun number' + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: 'targetWWNs is Optional: FC target worldwide + names (WWNs)' + items: + type: string + type: array + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver is the name of the driver to use for + this volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". 
The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: 'options is Optional: this field holds extra + command options if any.' + type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker represents a Flocker volume attached to + a kubelet's host machine. This depends on the Flocker control + service being running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID is the UUID of the dataset. This + is unique identifier of a Flocker dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". 
Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository is the URL + type: string + revision: + description: revision is the commit hash for the specified + revision. 
+ type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery defines whether support iSCSI + Discovery CHAP authentication + type: boolean + chapAuthSession: + description: chapAuthSession defines whether support iSCSI + Session CHAP authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn is the target iSCSI Qualified Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun represents iSCSI Target Lun number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + items: + type: string + type: array + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef is the CHAP Secret for iSCSI target + and initiator authentication + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + path: + type: string + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. 
+ type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk represents a PhotonController + persistent disk attached and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID is the ID that identifies Photon Controller + persistent disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume represents a portworx volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID uniquely identifies a Portworx volume + type: string + required: + - volumeID + type: object + projected: + description: projected items for all in one resources secrets, + configmaps, and downward API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + sources: + description: sources is the list of volume projections + items: + description: Projection that may be projected along with + other supported volume types + properties: + configMap: + description: configMap information about the configMap + data to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? 
+ type: string + optional: + description: optional specify whether the ConfigMap + or its keys must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI information about the downwardAPI + data to project + properties: + items: + description: Items is a list of DownwardAPIVolume + file + items: + description: DownwardAPIVolumeFile represents + information to create the file containing + the pod field + properties: + fieldRef: + description: 'Required: Selects a field + of the pod: only annotations, labels, + name and namespace are supported.' + properties: + apiVersion: + description: Version of the schema the + FieldPath is written in terms of, + defaults to "v1". + type: string + fieldPath: + description: Path of the field to select + in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: 'Required: Path is the relative + path name of the file to be created. Must + not be absolute or contain the ''..'' + path. Must be utf-8 encoded. The first + item of the relative path must not start + with ''..''' + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: 'Container name: required + for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format + of the exposed resources, defaults + to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to + select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + type: object + secret: + description: secret information about the secret data + to project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within + a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. 
+ May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: optional field specify whether the + Secret or its key must be defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: serviceAccountToken is information about + the serviceAccountToken data to project + properties: + audience: + description: |- + audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. 
+ type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + description: quobyte represents a Quobyte mount on the host + that shares a pod's lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume is a string that references an already + created Quobyte volume by name. + type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. 
+ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO represents a ScaleIO persistent volume + attached and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway is the host address of the ScaleIO + API Gateway. 
+ type: string + protectionDomain: + description: protectionDomain is the name of the ScaleIO + Protection Domain for the configured storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled Flag enable/disable SSL communication + with Gateway, default false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool is the ScaleIO Storage Pool associated + with the protection domain. + type: string + system: + description: system is the name of the storage system as + configured in ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. 
+ YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps a string key to a path within a volume. + properties: + key: + description: key is the key to project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + optional: + description: optional field specify whether the Secret or + its keys must be defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS represents a StorageOS volume attached + and mounted on Kubernetes nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. + type: string + type: object + vsphereVolume: + description: vsphereVolume represents a vSphere volume attached + and mounted on kubelets host machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. 
+ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID is the storage Policy Based + Management (SPBM) profile ID associated with the StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName is the storage Policy Based + Management (SPBM) profile name. + type: string + volumePath: + description: volumePath is the path that identifies vSphere + volume vmdk + type: string + required: + - volumePath + type: object + required: + - path + type: object + type: array persistence: description: |- Persistence defines the persistence configuration. If empty k0smotron diff --git a/docs/resource-reference.md b/docs/resource-reference.md index 9b54c7bf3..d5fe9083c 100644 --- a/docs/resource-reference.md +++ b/docs/resource-reference.md @@ -2328,6 +2328,17 @@ https://kubernetes.io/docs/concepts/storage/volumes
Monitoring defines the monitoring configuration.
false + + mounts + []object + + Mounts allows to specify list of volumes with any files to be +mounted in the controlplane pod. K0smotron allows any kind of volume, but the +recommendation is to use secrets and configmaps. +For more information check: +https://kubernetes.io/docs/concepts/storage/volumes
+ + false persistence object @@ -5985,13 +5996,12 @@ them as usual kubernetes pod metrics.
-### K0smotronControlPlane.spec.persistence +### K0smotronControlPlane.spec.mounts[index] [↩ Parent](#k0smotroncontrolplanespec) -Persistence defines the persistence configuration. If empty k0smotron -will use emptyDir as a volume. + @@ -6003,280 +6013,279 @@ will use emptyDir as a volume. - + - - + + - + - -
typepath string
-
- Default: emptyDir
true
hostPathstringawsElasticBlockStoreobject - HostPath defines the host path configuration. Will be used as is in case of .spec.persistence.type is hostPath.
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
persistentVolumeClaimazureDisk object - PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc.
+ azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
false
- - -### K0smotronControlPlane.spec.persistence.persistentVolumeClaim -[↩ Parent](#k0smotroncontrolplanespecpersistence) - - - -PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc. - - - - - - - - - - - - - + + + - - + + - + - + - + - -
NameTypeDescriptionRequired
apiVersionstring
azureFileobject - APIVersion defines the versioned schema of this representation of an object. -Servers should convert recognized schemas to the latest internal value, and -may reject unrecognized values. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ azureFile represents an Azure File Service mount on the host and bind mount to the pod.
false
kindstringcephfsobject - Kind is a string value representing the REST resource this object represents. -Servers may infer this from the endpoint the client submits requests to. -Cannot be updated. -In CamelCase. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
false
metadatacinder object - Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
specconfigMap object - spec defines the desired characteristics of a volume requested by a pod author. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ configMap represents a configMap that should populate this volume
false
statuscsi object - status represents the current information/status of a persistent volume claim. -Read-only. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
false
+ + downwardAPI + object + + downwardAPI represents downward API about the pod that should populate this volume
+ + false + + emptyDir + object + + emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ + false + + ephemeral + object + + ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. -### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.metadata -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaim) +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. -Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - - - - - - - - - - - - +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
+ + + + + - - + + - - + + - - + + - - + + - -
NameTypeDescriptionRequired
annotationsmap[string]stringfalse
fcobject -
+ fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
false
finalizers[]stringflexVolumeobject -
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
false
labelsmap[string]stringflockerobject -
+ flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
false
namestringgcePersistentDiskobject -
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false
namespacestringgitRepoobject -
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
false
- - -### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaim) - - - -spec defines the desired characteristics of a volume requested by a pod author. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims - - - - - - - - - - - - - + + + - + - + - + - + - - + + - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessModes[]string
glusterfsobject - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
false
dataSourcehostPath object - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
false
dataSourceRefiscsi object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
false
resourcesnfs object - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false
selectorpersistentVolumeClaim object - selector is a label query over volumes to consider for binding.
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
false
storageClassNamestringphotonPersistentDiskobject - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
false
volumeModestringportworxVolumeobject - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ portworxVolume represents a portworx volume attached and mounted on kubelets host machine
false
volumeNamestringprojectedobject - volumeName is the binding reference to the PersistentVolume backing this claim.
+ projected items for all in one resources secrets, configmaps, and downward API
+
false
quobyteobject + quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+
false
rbdobject + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
+
false
scaleIOobject + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+
false
secretobject + secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
false
storageosobject + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+
false
vsphereVolumeobject + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
false
-### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.dataSource -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) +### K0smotronControlPlane.spec.mounts[index].awsElasticBlockStore +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -6288,60 +6297,54 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour - + - + - + - - + + + + + + +
kindvolumeID string - Kind is the type of resource being referenced
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
true
namefsType string - Name is the name of resource being referenced
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
truefalse
apiGroupstringpartitioninteger - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+ Format: int32
+
false
readOnlyboolean + readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
-### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.dataSourceRef -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) +### K0smotronControlPlane.spec.mounts[index].azureDisk +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. 
@@ -6353,104 +6356,60 @@ There are three important differences between dataSource and dataSourceRef: - + - + - + - + - - -
kinddiskName string - Kind is the type of resource being referenced
+ diskName is the Name of the data disk in the blob storage
true
namediskURI string - Name is the name of resource being referenced
+ diskURI is the URI of data disk in the blob storage
true
apiGroupcachingMode string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ cachingMode is the Host Caching mode: None, Read Only, Read Write.
false
namespacefsType string - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
-
false
- - -### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.resources -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) - - - -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources - - - - - - - - - - - - - - - - + + - - + +
NameTypeDescriptionRequired
claims[]object - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
limitsmap[string]int or stringkindstring - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
false
requestsmap[string]int or stringreadOnlyboolean - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.resources.claims[index] -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspecresources) +### K0smotronControlPlane.spec.mounts[index].azureFile +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -ResourceClaim references one entry in PodSpec.ResourceClaims. +azureFile represents an Azure File Service mount on the host and bind mount to the pod. @@ -6462,24 +6421,37 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. - + + + + + + + + + + +
namesecretName string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ secretName is the name of secret that contains Azure Storage Account Name and Key
true
shareNamestring + shareName is the azure share Name
+
true
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
-### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.selector -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) +### K0smotronControlPlane.spec.mounts[index].cephfs +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -selector is a label query over volumes to consider for binding. +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -6491,32 +6463,64 @@ selector is a label query over volumes to consider for binding. - - + + - + - - + + - -
matchExpressions[]objectmonitors[]string - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
falsetrue
matchLabelsmap[string]stringpathstring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
false
- - -### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.selector.matchExpressions[index] -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspecselector) + + readOnly + boolean + + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ + false + + secretFile + string + + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ + false + + secretRef + object + + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ + false + + user + string + + user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ + false + + +### K0smotronControlPlane.spec.mounts[index].cephfs.secretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexcephfs) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. + + +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -6528,42 +6532,25 @@ relates the key and values. - - - - - - + - - - - -
keystring - key is the label key that the selector applies to.
-
true
operatorname string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
-
true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.status -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaim) +### K0smotronControlPlane.spec.mounts[index].cinder +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -status represents the current information/status of a persistent volume claim. -Read-only. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -6575,120 +6562,144 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis - - + + + + + + + - - + + + + + + + + + +
accessModes[]stringvolumeIDstring - accessModes contains the actual access modes the volume backing the PVC has. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
allocatedResourceStatusesmap[string]stringreadOnlyboolean - allocatedResourceStatuses stores status of resource being resized for the given PVC. -Key names follow standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" -Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered -reserved and hence may not be used. + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
secretRefobject + secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
+
false
-ClaimResourceStatus can be in any of following states: - - ControllerResizeInProgress: - State set when resize controller starts resizing the volume in control-plane. - - ControllerResizeFailed: - State set when resize has failed in resize controller with a terminal error. - - NodeResizePending: - State set when resize controller has finished resizing the volume but further resizing of - volume is needed on the node. - - NodeResizeInProgress: - State set when kubelet starts resizing the volume. - - NodeResizeFailed: - State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - NodeResizeFailed. -For example: if expanding a PVC for more capacity - this field can be one of the following states: - - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" -When this field is not set, it means that no resize operation is in progress for the given PVC. +### K0smotronControlPlane.spec.mounts[index].cinder.secretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexcinder) -A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus -should ignore the update for the purpose it was designed. For example - a controller that -only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid -resources associated with PVC. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack. -This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ + + + + + + + + + + + + - - - - +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
allocatedResourcesmap[string]int or string - allocatedResources tracks the resources allocated to a PVC including its capacity. -Key names follow standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" -Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered -reserved and hence may not be used. +
-Capacity reported here may be larger than the actual capacity when a volume expansion operation -is requested. -For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. -If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. -If a volume expansion capacity request is lowered, allocatedResources is only -lowered if there are no expansion operations in progress and if the actual volume capacity -is equal or lower than the requested capacity. +### K0smotronControlPlane.spec.mounts[index].configMap +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -A controller that receives PVC update with previously unknown resourceName -should ignore the update for the purpose it was designed. For example - a controller that -only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid -resources associated with PVC. +configMap represents a configMap that should populate this volume -This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ + + + + + + + + + + + + - - + + - - + + - - + +
NameTypeDescriptionRequired
defaultModeinteger + defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
capacitymap[string]int or stringitems[]object - capacity represents the actual resources of the underlying volume.
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
false
conditions[]objectnamestring - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being -resized then the Condition will be set to 'ResizeStarted'.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
phasestringoptionalboolean - phase represents the current phase of PersistentVolumeClaim.
+ optional specify whether the ConfigMap or its keys must be defined
false
-### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.status.conditions[index] -[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimstatus) +### K0smotronControlPlane.spec.mounts[index].configMap.items[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexconfigmap) -PersistentVolumeClaimCondition contains details about state of pvc +Maps a string key to a path within a volume. @@ -6700,63 +6711,46 @@ PersistentVolumeClaimCondition contains details about state of pvc - + - + - - - - - - - + + - - - - - - - - - -
statuskey string -
+ key is the key to project.
true
typepath string - PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
true
lastProbeTimestring - lastProbeTime is the time we probed the condition.
-
- Format: date-time
-
false
lastTransitionTimestringmodeinteger - lastTransitionTime is the time the condition transitioned from one status to another.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

- Format: date-time
-
false
messagestring - message is the human-readable message indicating details about last transition.
-
false
reasonstring - reason is a unique, this should be a short, machine understandable string that gives the reason -for condition's last transition. If it reports "ResizeStarted" that means the underlying -persistent volume is being resized.
+ Format: int32
false
-### K0smotronControlPlane.spec.resources -[↩ Parent](#k0smotroncontrolplanespec) +### K0smotronControlPlane.spec.mounts[index].csi +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -Resources describes the compute resource requirements for the control plane pods. +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). @@ -6768,48 +6762,63 @@ Resources describes the compute resource requirements for the control plane pods - - + + + + + + + - - + + - - + + + + + + +
claims[]objectdriverstring - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
+
true
fsTypestring + fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
false
limitsmap[string]int or stringnodePublishSecretRefobject - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
false
requestsmap[string]int or stringreadOnlyboolean - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
+
false
volumeAttributesmap[string]string + volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
false
-### K0smotronControlPlane.spec.resources.claims[index] -[↩ Parent](#k0smotroncontrolplanespecresources) +### K0smotronControlPlane.spec.mounts[index].csi.nodePublishSecretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexcsi) -ResourceClaim references one entry in PodSpec.ResourceClaims. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed. @@ -6824,21 +6833,21 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. - +
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
-### K0smotronControlPlane.spec.service -[↩ Parent](#k0smotroncontrolplanespec) +### K0smotronControlPlane.spec.mounts[index].downwardAPI +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -Service defines the service configuration. +downwardAPI represents downward API about the pod that should populate this volume @@ -6850,52 +6859,38 @@ Service defines the service configuration. - - - - - - - - - - - + - - + +
typeenum - Service Type string describes ingress methods for a service
-
- Enum: ClusterIP, NodePort, LoadBalancer
- Default: ClusterIP
-
true
annotationsmap[string]string - Annotations defines extra annotations to be added to the service.
-
false
apiPortdefaultMode integer - APIPort defines the kubernetes API port. If empty k0smotron -will pick it automatically.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

- Default: 30443
+ Format: int32
false
konnectivityPortintegeritems[]object - KonnectivityPort defines the konnectivity port. If empty k0smotron -will pick it automatically.
-
- Default: 30132
+ Items is a list of downward API volume file
false
-### K0smotronControlPlane.status -[↩ Parent](#k0smotroncontrolplane) - +### K0smotronControlPlane.spec.mounts[index].downwardAPI.items[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexdownwardapi) +DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -6907,45 +6902,51 @@ will pick it automatically.
- - + + - - + + - + - - + + - + - - + + - +
controlPlaneReadybooleanpathstring -
+ Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
true
externalManagedControlPlanebooleanfieldRefobject -
+ Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
truefalse
initializedbooleanmodeinteger + Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

+ Format: int32
truefalse
readybooleanresourceFieldRefobject - Ready denotes that the control plane is ready
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
truefalse
-## K0smotronControlPlaneTemplate -[↩ Parent](#controlplaneclusterx-k8siov1beta1 ) - - - +### K0smotronControlPlane.spec.mounts[index].downwardAPI.items[index].fieldRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexdownwardapiitemsindex) +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. @@ -6957,39 +6958,30 @@ will pick it automatically.
- - - - - - - - - - - - - - - - + + + + - - + +
apiVersionstringcontrolplane.cluster.x-k8s.io/v1beta1true
kindstringK0smotronControlPlaneTemplatetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.truefieldPathstring + Path of the field to select in the specified API version.
+
true
specobjectapiVersionstring -
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
-### K0smotronControlPlaneTemplate.spec -[↩ Parent](#k0smotroncontrolplanetemplate) - +### K0smotronControlPlane.spec.mounts[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexdownwardapiitemsindex) +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. @@ -7001,22 +6993,37 @@ will pick it automatically.
- - + + + + + + + + + + + +
templateobjectresourcestring -
+ Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
false
-### K0smotronControlPlaneTemplate.spec.template -[↩ Parent](#k0smotroncontrolplanetemplatespec) - +### K0smotronControlPlane.spec.mounts[index].emptyDir +[↩ Parent](#k0smotroncontrolplanespecmountsindex) +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -7028,29 +7035,64 @@ will pick it automatically.
- - + + - - + +
metadataobjectmediumstring -
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
specobjectsizeLimitint or string - ClusterSpec defines the desired state of K0smotronCluster
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
-### K0smotronControlPlaneTemplate.spec.template.metadata -[↩ Parent](#k0smotroncontrolplanetemplatespectemplate) +### K0smotronControlPlane.spec.mounts[index].ephemeral +[↩ Parent](#k0smotroncontrolplanespecmountsindex) + + + +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. +A pod can use both types of ephemeral volumes and +persistent volumes at the same time. @@ -7062,50 +7104,110 @@ will pick it automatically.
- - - - - - - - - - - - + + - - - + +
annotationsmap[string]string -
-
false
finalizers[]string -
-
false
labelsmap[string]stringvolumeClaimTemplateobject -
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
false
namestring
+ + +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeral) + + + +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. + + + + + + + + + + + + + - + - - + +
NameTypeDescriptionRequired
specobject -
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
falsetrue
namespacestringmetadataobject -
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
false
-### K0smotronControlPlaneTemplate.spec.template.spec -[↩ Parent](#k0smotroncontrolplanetemplatespectemplate) +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.spec +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplate) -ClusterSpec defines the desired state of K0smotronCluster +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. @@ -7117,150 +7219,235 @@ ClusterSpec defines the desired state of K0smotronCluster - - - - - - + - + - - + + - - + + - + - + - + - - + + - - - + +
certificateRefs[]object - CertificateRefs defines the certificate references.
-
false
controllerPlaneFlagsaccessModes []string - ControlPlaneFlags allows to configure additional flags for k0s -control plane and to override existing ones. The default flags are -kept unless they are overriden explicitly. Flags with arguments must -be specified as a single string, e.g. --some-flag=argument
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
false
etcddataSource object - Etcd defines the etcd configuration.
-
- Default: map[image:quay.io/k0sproject/etcd:v3.5.13 persistence:map[]]
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
false
externalAddressstringdataSourceRefobject - ExternalAddress defines k0s external address. See https://docs.k0sproject.io/stable/configuration/#specapi -Will be detected automatically for service type LoadBalancer.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
false
imagestringresourcesobject - Image defines the k0s image to be deployed. If empty k0smotron -will pick it automatically. Must not include the image tag.
-
- Default: k0sproject/k0s
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
false
k0sConfigselector object - k0sConfig defines the k0s configuration. Note, that some fields will be overwritten by k0smotron. -If empty, will be used default configuration. @see https://docs.k0sproject.io/stable/configuration/
+ selector is a label query over volumes to consider for binding.
false
kineDataSourceSecretNamestorageClassName string - KineDataSourceSecretName defines the name of kine datasource URL secret. -KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup -and one of them must be set if replicas > 1.
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
false
kineDataSourceURLvolumeMode string - KineDataSourceURL defines the kine datasource URL. -KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup -and one of them must be set if replicas > 1.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
false
manifests[]objectvolumeNamestring - Manifests allows to specify list of volumes with manifests to be -deployed in the cluster. The volumes will be mounted -in /var/lib/k0s/manifests/, for this reason each -manifest is a stack. K0smotron allows any kind of volume, but the -recommendation is to use secrets and configmaps. -For more information check: -https://docs.k0sproject.io/stable/manifests/ and -https://kubernetes.io/docs/concepts/storage/volumes
+ volumeName is the binding reference to the PersistentVolume backing this claim.
false
monitoringobject
+ + +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.dataSource +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplatespec) + + + +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. + + + + + + + + + + + + + - + - - + + - + - - + + + +
NameTypeDescriptionRequired
kindstring - Monitoring defines the monitoring configuration.
+ Kind is the type of resource being referenced
falsetrue
persistenceobjectnamestring - Persistence defines the persistence configuration. If empty k0smotron -will use emptyDir as a volume.
+ Name is the name of resource being referenced
falsetrue
replicasintegerapiGroupstring - Replicas is the desired number of replicas of the k0s control planes. -If unspecified, defaults to 1. If the value is above 1, k0smotron requires kine datasource URL to be set. -Recommended value is 3.
-
- Format: int32
- Default: 1
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
false
+ + +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplatespec) + + + +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + + + + + + + + + + + + + + + - - + + - + - - + + - +
NameTypeDescriptionRequired
kindstring + Kind is the type of resource being referenced
+
true
resourcesobjectnamestring - Resources describes the compute resource requirements for the control plane pods.
+ Name is the name of resource being referenced
falsetrue
serviceobjectapiGroupstring - Service defines the service configuration.
-
- Default: map[apiPort:30443 konnectivityPort:30132 type:ClusterIP]
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
false
versionnamespace string - Version defines the k0s version to be deployed. If empty k0smotron -will pick it automatically.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.certificateRefs[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) - +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.resources +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplatespec) +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -7272,31 +7459,48 @@ will pick it automatically.
- - + + - + - - + + + + + + +
typeenumclaims[]object -
-
- Enum: ca, sa, proxy, etcd, apiserver-etcd-client, etcd-peer, etcd-server
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
truefalse
namestringlimitsmap[string]int or string -
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
-### K0smotronControlPlaneTemplate.spec.template.spec.etcd -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplatespecresources) -Etcd defines the etcd configuration. +ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -7308,38 +7512,24 @@ Etcd defines the etcd configuration. - + - - - - - - - - - -
imagename string - Image defines the etcd image to be deployed.
-
- Default: quay.io/k0sproject/etcd:v3.5.13
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
true
args[]string - Args defines the etcd arguments.
-
false
persistenceobject - Persistence defines the persistence configuration.
-
false
-### K0smotronControlPlaneTemplate.spec.template.spec.etcd.persistence -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecetcd) +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.selector +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplatespec) -Persistence defines the persistence configuration. +selector is a label query over volumes to consider for binding. @@ -7351,31 +7541,32 @@ Persistence defines the persistence configuration. - - + + - - + +
sizeint or stringmatchExpressions[]object - Size defines the size of the etcd volume. Default: 1Gi
-
- Default: 1Gi
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
false
storageClassstringmatchLabelsmap[string]string - StorageClass defines the storage class to be used for etcd persistence. If empty, will be used the default storage class.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplatespecselector) -Volume represents a named volume in a pod that may be accessed by any container in the pod. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -7387,281 +7578,292 @@ Volume represents a named volume in a pod that may be accessed by any container - + - - - - - - - - - - - - + + - + - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
namekey string - name of the volume. -Must be a DNS_LABEL and unique within the pod. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ key is the label key that the selector applies to.
true
awsElasticBlockStoreobject - awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
false
azureDiskobject - azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
-
false
azureFileobjectoperatorstring - azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
cephfsobjectvalues[]string - cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
cinderobject - cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
false
configMapobject - configMap represents a configMap that should populate this volume
-
false
csiobject - csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
-
false
downwardAPIobject - downwardAPI represents downward API about the pod that should populate this volume
-
false
emptyDirobject - emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-
false
ephemeralobject - ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). +
-Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. +### K0smotronControlPlane.spec.mounts[index].ephemeral.volumeClaimTemplate.metadata +[↩ Parent](#k0smotroncontrolplanespecmountsindexephemeralvolumeclaimtemplate) -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. -A pod can use both types of ephemeral volumes and -persistent volumes at the same time.
- - false - - fc - object - - fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
- - false - - flexVolume - object + + + + + + + + + + + + - - + + - - + + - - + + - - + + - - - + +
NameTypeDescriptionRequired
annotationsmap[string]string - flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+
false
flockerobjectfinalizers[]string - flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+
false
gcePersistentDiskobjectlabelsmap[string]string - gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
false
gitRepoobjectnamestring - gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container.
+
false
glusterfsobjectnamespacestring - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md
+
false
hostPathobject
+ + +### K0smotronControlPlane.spec.mounts[index].fc +[↩ Parent](#k0smotroncontrolplanespecmountsindex) + + + +fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + + + + + + + + + + + + + - - + + - - + + - - + + - - + + - - - + +
NameTypeDescriptionRequired
fsTypestring - hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
false
iscsiobjectluninteger - iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md
+ lun is Optional: FC target lun number
+
+ Format: int32
false
nfsobjectreadOnlyboolean - nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
persistentVolumeClaimobjecttargetWWNs[]string - persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ targetWWNs is Optional: FC target worldwide names (WWNs)
false
photonPersistentDiskobjectwwids[]string - photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
false
portworxVolumeobject
+ + +### K0smotronControlPlane.spec.mounts[index].flexVolume +[↩ Parent](#k0smotroncontrolplanespecmountsindex) + + + +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin. + + + + + + + + + + + + + - + - - + + - - + + - - + + - + - - - + +
NameTypeDescriptionRequired
driverstring - portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+ driver is the name of the driver to use for this volume.
falsetrue
projectedobjectfsTypestring - projected items for all in one resources secrets, configmaps, and downward API
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
false
quobyteobjectoptionsmap[string]string - quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+ options is Optional: this field holds extra command options if any.
false
rbdobjectreadOnlyboolean - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
scaleIOsecretRef object - scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+ secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
false
secretobject
+ + +### K0smotronControlPlane.spec.mounts[index].flexVolume.secretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexflexvolume) + + + +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts. + + + + + + + + + + + + + - - - + +
NameTypeDescriptionRequired
namestring - secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
storageosobject
+ + +### K0smotronControlPlane.spec.mounts[index].flocker +[↩ Parent](#k0smotroncontrolplanespecmountsindex) + + + +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + + + + + + + + + + + + + - - + +
NameTypeDescriptionRequired
datasetNamestring - storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
false
vsphereVolumeobjectdatasetUUIDstring - vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+ datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].awsElasticBlockStore -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].gcePersistentDisk +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -awsElasticBlockStore represents an AWS Disk resource that is attached to a +gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -7673,21 +7875,21 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst - + @@ -7698,7 +7900,8 @@ TODO: how do we prevent errors in the filesystem from compromising the machine +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
@@ -7707,20 +7910,24 @@ Similarly, the volume partition for /dev/sda is "0" (or you can leave the proper
volumeIDpdName string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
true
fsType string - fsType is the filesystem type of the volume that you want to mount. + fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine
falsereadOnly boolean - readOnly value true will force the readOnly setting in VolumeMounts. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].azureDisk -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].gitRepo +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container. @@ -7732,60 +7939,40 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the - - - - - - + - - - - - - + - + - - - - -
diskNamestring - diskName is the Name of the data disk in the blob storage
-
true
diskURIrepository string - diskURI is the URI of data disk in the blob storage
+ repository is the URL
true
cachingModestring - cachingMode is the Host Caching mode: None, Read Only, Read Write.
-
false
fsTypedirectory string - fsType is Filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
false
kindrevision string - kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
-
false
readOnlyboolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ revision is the commit hash for the specified revision.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].azureFile -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].glusterfs +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -azureFile represents an Azure File Service mount on the host and bind mount to the pod. +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md @@ -7797,37 +7984,47 @@ azureFile represents an Azure File Service mount on the host and bind mount to t - + - +
secretNameendpoints string - secretName is the name of secret that contains Azure Storage Account Name and Key
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
true
shareNamepath string - shareName is the azure share Name
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
true
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cephfs -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].hostPath +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write. @@ -7839,64 +8036,35 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - - - - - - - - - - - - - - - - - - - - - + - +
monitors[]string - monitors is Required: Monitors is a collection of Ceph monitors -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
true
path string - path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-
false
readOnlyboolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
false
secretFilestring - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
false
secretRefobject - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
falsetrue
usertype string - user is optional: User is the rados user name, default is admin -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cephfs.secretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexcephfs) +### K0smotronControlPlane.spec.mounts[index].iscsi +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -7908,81 +8076,104 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - + - - -
nameiqn string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ iqn is the target iSCSI Qualified Name.
false
- - -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cinder -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) - - - -cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md - - - - - - - - - - - - - + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - +
NameTypeDescriptionRequired
volumeIDstringtrue
luninteger - volumeID used to identify the volume in cinder. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ lun represents iSCSI Target Lun number.
+
+ Format: int32
true
fsTypetargetPortal string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
+
true
chapAuthDiscoveryboolean + chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
false
chapAuthSessionboolean + chapAuthSession defines whether support iSCSI Session CHAP authentication
+
false
fsTypestring + fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
initiatorNamestring + initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
+
false
iscsiInterfacestring + iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
+
false
portals[]string + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
false
readOnly boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
false
secretRefsecretRef object - secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack.
+ secretRef is the CHAP Secret for iSCSI target and initiator authentication
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cinder.secretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexcinder) +### K0smotronControlPlane.spec.mounts[index].iscsi.secretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexiscsi) -secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack. +secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -8006,12 +8197,13 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].configMap -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].nfs +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -configMap represents a configMap that should populate this volume +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs @@ -8023,59 +8215,78 @@ configMap represents a configMap that should populate this volume - - + + - + - - + + - + - - + + + +
defaultModeintegerpathstring - defaultMode is optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
-
- Format: int32
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
falsetrue
items[]objectserverstring - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
falsetrue
namestringreadOnlyboolean - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false
+ + +### K0smotronControlPlane.spec.mounts[index].persistentVolumeClaim +[↩ Parent](#k0smotroncontrolplanespecmountsindex) + + + +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + + + + + + + + + + + + + + + - +
NameTypeDescriptionRequired
claimNamestring + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
true
optionalreadOnly boolean - optional specify whether the ConfigMap or its keys must be defined
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].configMap.items[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexconfigmap) +### K0smotronControlPlane.spec.mounts[index].photonPersistentDisk +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -Maps a string key to a path within a volume. +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine @@ -8087,46 +8298,116 @@ Maps a string key to a path within a volume. - + - + + + +
keypdID string - key is the key to project.
+ pdID is the ID that identifies Photon Controller persistent disk
true
pathfsType string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
+ + +### K0smotronControlPlane.spec.mounts[index].portworxVolume +[↩ Parent](#k0smotroncontrolplanespecmountsindex) + + + +portworxVolume represents a portworx volume attached and mounted on kubelets host machine + + + + + + + + + + + + + + - + + + + + + + + + + +
NameTypeDescriptionRequired
volumeIDstring + volumeID uniquely identifies a Portworx volume
true
modefsTypestring + fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
false
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
+ + +### K0smotronControlPlane.spec.mounts[index].projected +[↩ Parent](#k0smotroncontrolplanespecmountsindex) + + + +projected items for all in one resources secrets, configmaps, and downward API + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
defaultMode integer - mode is Optional: mode bits used to set permissions on this file. + defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. +Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
false
sources[]object + sources is the list of volume projections
+
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].csi -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].projected.sources[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojected) -csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). +Projection that may be projected along with other supported volume types @@ -8138,63 +8419,43 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b - - - - - - - + + - + - - + + - - + +
driverstring - driver is the name of the CSI driver that handles this volume. -Consult with your admin for the correct name as registered in the cluster.
-
true
fsTypestringconfigMapobject - fsType to mount. Ex. "ext4", "xfs", "ntfs". -If not provided, the empty value is passed to the associated CSI driver -which will determine the default filesystem to apply.
+ configMap information about the configMap data to project
false
nodePublishSecretRefdownwardAPI object - nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed.
+ downwardAPI information about the downwardAPI data to project
false
readOnlybooleansecretobject - readOnly specifies a read-only configuration for the volume. -Defaults to false (read/write).
+ secret information about the secret data to project
false
volumeAttributesmap[string]stringserviceAccountTokenobject - volumeAttributes stores driver-specific properties that are passed to the CSI -driver. Consult your driver's documentation for supported values.
+ serviceAccountToken is information about the serviceAccountToken data to project
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].csi.nodePublishSecretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexcsi) +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].configMap +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindex) -nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed. +configMap information about the configMap data to project @@ -8206,6 +8467,19 @@ secret object contains more than one secret, all secret references are passed. + + + + + + + + + +
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
name string @@ -8214,16 +8488,23 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam TODO: Add other useful fields. apiVersion, kind, uid?
false
optionalboolean + optional specify whether the ConfigMap or its keys must be defined
+
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].configMap.items[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindexconfigmap) -downwardAPI represents downward API about the pod that should populate this volume +Maps a string key to a path within a volume. @@ -8235,34 +8516,69 @@ downwardAPI represents downward API about the pod that should populate this volu - + + + + + + + + + + + - - + +
defaultModekeystring + key is the key to project.
+
true
pathstring + path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
mode integer - Optional: mode bits to use on created files by default. Must be a -Optional: mode bits used to set permissions on created files by default. + mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. +If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
false
items
+ + +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].downwardAPI +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindex) + + + +downwardAPI information about the downwardAPI data to project + + + + + + + + + + + +
NameTypeDescriptionRequired
items []object - Items is a list of downward API volume file
+ Items is a list of DownwardAPIVolume file
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI.items[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexdownwardapi) +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].downwardAPI.items[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindexdownwardapi) @@ -8285,7 +8601,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p true - fieldRef + fieldRef object Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
@@ -8306,7 +8622,7 @@ mode, like fsGroup, and the result can be other mode bits set.
false - resourceFieldRef + resourceFieldRef object Selects a resource of the container: only resources limits and requests @@ -8317,8 +8633,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI.items[index].fieldRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexdownwardapiitemsindex) +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].downwardAPI.items[index].fieldRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindexdownwardapiitemsindex) @@ -8351,8 +8667,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI.items[index].resourceFieldRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexdownwardapiitemsindex) +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindexdownwardapiitemsindex) @@ -8393,13 +8709,12 @@ Selects a resource of the container: only resources limits and requests -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].emptyDir -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].secret +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindex) -emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +secret information about the secret data to project @@ -8411,64 +8726,44 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - + + + + + + - - + +
mediumitems[]object + items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
name string - medium represents what type of storage medium should back this directory. -The default is "" which means to use the node's default medium. -Must be an empty string (default) or Memory. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
sizeLimitint or stringoptionalboolean - sizeLimit is the total amount of local storage required for this EmptyDir volume. -The size limit is also applicable for memory medium. -The maximum usage on memory medium EmptyDir would be the minimum value between -the SizeLimit specified here and the sum of memory limits of all containers in a pod. -The default is nil which means that the limit is undefined. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ optional field specify whether the Secret or its key must be defined
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) - - - -ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].secret.items[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindexsecret) -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. -A pod can use both types of ephemeral volumes and -persistent volumes at the same time. +Maps a string key to a path within a volume. @@ -8480,68 +8775,46 @@ persistent volumes at the same time. - - + + + + + + + + + + + +
volumeClaimTemplateobjectkeystring - Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil.
+ key is the key to project.
+
true
pathstring + path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeral) - - - -Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - +### K0smotronControlPlane.spec.mounts[index].projected.sources[index].serviceAccountToken +[↩ Parent](#k0smotroncontrolplanespecmountsindexprojectedsourcesindex) -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. -Required, must not be nil. +serviceAccountToken is information about the serviceAccountToken data to project @@ -8553,37 +8826,47 @@ Required, must not be nil. - - + + - - + + + + + + +
specobjectpathstring - The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here.
+ path is the path relative to the mount point of the file to project the +token into.
true
metadataobjectaudiencestring - May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
+
false
expirationSecondsinteger + expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.
+
+ Format: int64
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplate) +### K0smotronControlPlane.spec.mounts[index].quobyte +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here. +quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -8595,114 +8878,64 @@ are also valid here. - - - - - - - - - - - - + + - + - - + + - + - - + + - - + + - + - +
accessModes[]string - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
-
false
dataSourceobject - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
-
false
dataSourceRefobjectregistrystring - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
falsetrue
resourcesobjectvolumestring - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ volume is a string that references an already created Quobyte volume by name.
falsetrue
selectorobjectgroupstring - selector is a label query over volumes to consider for binding.
+ group to map volume access to +Default is no group
false
storageClassNamestringreadOnlyboolean - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
false
volumeModetenant string - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
false
volumeNameuser string - volumeName is the binding reference to the PersistentVolume backing this claim.
+ user to map volume access to +Defaults to serivceaccount user
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSource -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +### K0smotronControlPlane.spec.mounts[index].rbd +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md @@ -8714,60 +8947,91 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour - + - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + +
kindimage string - Kind is the type of resource being referenced
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
true
namestringmonitors[]string - Name is the name of resource being referenced
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
true
apiGroupfsType string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
keyringstring + keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
poolstring + pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
secretRefobject + secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
userstring + user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +### K0smotronControlPlane.spec.mounts[index].rbd.secretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexrbd) -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. 
+More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -8779,51 +9043,24 @@ There are three important differences between dataSource and dataSourceRef: - - - - - - - - - - - - - - -
kindstring - Kind is the type of resource being referenced
-
true
name string - Name is the name of resource being referenced
-
true
apiGroupstring - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
-
false
namespacestring - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +### K0smotronControlPlane.spec.mounts[index].scaleIO +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. @@ -8835,48 +9072,93 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour - - + + + + + + + + + + + + + + + + + - - + + - - + + + + + + + + + + + + + + + + + + + + + +
claims[]objectgatewaystring - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ gateway is the host address of the ScaleIO API Gateway.
+
true
secretRefobject + secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
+
true
systemstring + system is the name of the storage system as configured in ScaleIO.
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
false
limitsmap[string]int or stringprotectionDomainstring - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
false
requestsmap[string]int or stringreadOnlyboolean - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
sslEnabledboolean + sslEnabled Flag enable/disable SSL communication with Gateway, default false
+
false
storageModestring + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
+
false
storagePoolstring + storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
false
volumeNamestring + volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespecresources) +### K0smotronControlPlane.spec.mounts[index].scaleIO.secretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexscaleio) -ResourceClaim references one entry in PodSpec.ResourceClaims. +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail. @@ -8891,21 +9173,22 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. - +
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +### K0smotronControlPlane.spec.mounts[index].secret +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -selector is a label query over volumes to consider for binding. +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret @@ -8917,32 +9200,58 @@ selector is a label query over volumes to consider for binding. - + + + + + + - - + + + + + + +
matchExpressionsdefaultModeinteger + defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
items []object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
false
matchLabelsmap[string]stringoptionalboolean - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ optional field specify whether the Secret or its keys must be defined
+
false
secretNamestring + secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespecselector) +### K0smotronControlPlane.spec.mounts[index].secret.items[index] +[↩ Parent](#k0smotroncontrolplanespecmountsindexsecret) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +Maps a string key to a path within a volume. @@ -8957,39 +9266,43 @@ relates the key and values. - + - - + +
key string - key is the label key that the selector applies to.
+ key is the key to project.
true
operatorpath string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
true
values[]stringmodeinteger - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.metadata -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplate) +### K0smotronControlPlane.spec.mounts[index].storageos +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation. +storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. @@ -9001,50 +9314,61 @@ validation. - - + + - - + + - - + + - + - +
annotationsmap[string]stringfsTypestring -
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
finalizers[]stringreadOnlyboolean -
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
labelsmap[string]stringsecretRefobject -
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
false
namevolumeName string -
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
false
namespacevolumeNamespace string -
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].fc -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].storageos.secretRef +[↩ Parent](#k0smotroncontrolplanespecmountsindexstorageos) -fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted. @@ -9056,58 +9380,24 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach - + - - - - - - - - - - - - - - - - - - - -
fsTypename string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
-
false
luninteger - lun is Optional: FC target lun number
-
- Format: int32
-
false
readOnlyboolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
-
false
targetWWNs[]string - targetWWNs is Optional: FC target worldwide names (WWNs)
-
false
wwids[]string - wwids Optional: FC volume world wide identifiers (wwids) -Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].flexVolume -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.mounts[index].vsphereVolume +[↩ Parent](#k0smotroncontrolplanespecmountsindex) -flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin. +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine @@ -9119,61 +9409,46 @@ provisioned/attached using an exec based plugin. - + - - - - - - - + + - - + +
drivervolumePath string - driver is the name of the driver to use for this volume.
+ volumePath is the path that identifies vSphere volume vmdk
true
fsType string - fsType is the filesystem type to mount. + fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
-
false
optionsmap[string]string - options is Optional: this field holds extra command options if any.
+Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
readOnlybooleanstoragePolicyIDstring - readOnly is Optional: defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
false
secretRefobjectstoragePolicyNamestring - secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts.
+ storagePolicyName is the storage Policy Based Management (SPBM) profile name.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].flexVolume.secretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexflexvolume) +### K0smotronControlPlane.spec.persistence +[↩ Parent](#k0smotroncontrolplanespec) -secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts. +Persistence defines the persistence configuration. If empty k0smotron +will use emptyDir as a volume. @@ -9185,24 +9460,38 @@ scripts. - + + + + + + + + + + +
nametype string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+
+
+ Default: emptyDir
+
true
hostPathstring + HostPath defines the host path configuration. Will be used as is in case of .spec.persistence.type is hostPath.
+
false
persistentVolumeClaimobject + PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].flocker -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim +[↩ Parent](#k0smotroncontrolplanespecpersistence) -flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running +PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc. @@ -9214,32 +9503,62 @@ flocker represents a Flocker volume attached to a kubelet's host machine. This d - + - + + + + + + + + + + + + + + + +
datasetNameapiVersion string - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker -should be considered as deprecated
+ APIVersion defines the versioned schema of this representation of an object. +Servers should convert recognized schemas to the latest internal value, and +may reject unrecognized values. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
false
datasetUUIDkind string - datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+ Kind is a string value representing the REST resource this object represents. +Servers may infer this from the endpoint the client submits requests to. +Cannot be updated. +In CamelCase. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
false
metadataobject + Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
false
specobject + spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
false
statusobject + status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].gcePersistentDisk -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.metadata +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaim) -gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -9251,59 +9570,51 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - - + + - + - - + + - - + + - - + + + + + + +
pdNamestringannotationsmap[string]string - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
truefalse
fsTypestringfinalizers[]string - fsType is filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
partitionintegerlabelsmap[string]string - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

- Format: int32
false
readOnlybooleannamestring - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+
false
namespacestring +
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].gitRepo -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaim) -gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container. +spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims @@ -9315,40 +9626,114 @@ into the Pod's container. - + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - +
repositoryaccessModes[]string + accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
false
dataSourceobject + dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+
false
dataSourceRefobject + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
resourcesobject + resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+
false
selectorobject + selector is a label query over volumes to consider for binding.
+
false
storageClassName string - repository is the URL
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
truefalse
directoryvolumeMode string - directory is the target directory name. -Must not contain or start with '..'. If '.' is supplied, the volume directory will be the -git repository. Otherwise, if specified, the volume will contain the git repository in -the subdirectory with the given name.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
false
revisionvolumeName string - revision is the commit hash for the specified revision.
+ volumeName is the binding reference to the PersistentVolume backing this claim.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].glusterfs -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.dataSource +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. @@ -9360,47 +9745,60 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md - + - + - - + +
endpointskind string - endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ Kind is the type of resource being referenced
true
pathname string - path is the Glusterfs volume path. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ Name is the name of resource being referenced
true
readOnlybooleanapiGroupstring - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. -Defaults to false. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].hostPath -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.dataSourceRef +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) -hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. 
+* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. @@ -9412,35 +9810,51 @@ mount host directories as read/write. - + - + + + + + + + + + + +
pathkind string - path of the directory on the host. -If the path is a symlink, it will follow the link to the real path. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ Kind is the type of resource being referenced
true
typename string - type for HostPath Volume -Defaults to "" -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ Name is the name of resource being referenced
+
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
+
false
namespacestring + Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].iscsi -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.resources +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) -iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -9452,104 +9866,48 @@ More info: https://examples.k8s.io/volumes/iscsi/README.md - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - + + - - + +
iqnstring - iqn is the target iSCSI Qualified Name.
-
true
luninteger - lun represents iSCSI Target Lun number.
-
- Format: int32
-
true
targetPortalstring - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
-
true
chapAuthDiscoveryboolean - chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-
false
chapAuthSessionboolean - chapAuthSession defines whether support iSCSI Session CHAP authentication
-
false
fsTypestring - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
-
false
initiatorNamestring - initiatorName is the custom iSCSI Initiator Name. -If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface -: will be created for the connection.
-
false
iscsiInterfacestring - iscsiInterface is the interface Name that uses an iSCSI transport. -Defaults to 'default' (tcp).
-
false
portals[]stringclaims[]object - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
false
readOnlybooleanlimitsmap[string]int or string - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false.
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
secretRefobjectrequestsmap[string]int or string - secretRef is the CHAP Secret for iSCSI target and initiator authentication
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].iscsi.secretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexiscsi) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.resources.claims[index] +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspecresources) -secretRef is the CHAP Secret for iSCSI target and initiator authentication +ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -9564,22 +9922,21 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication - + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+ +
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
-
falsetrue
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].nfs -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.selector +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspec) -nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +selector is a label query over volumes to consider for binding. @@ -9591,42 +9948,32 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - - - - - - - + + - + - - + +
pathstring - path that is exported by the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
true
serverstringmatchExpressions[]object - server is the hostname or IP address of the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
truefalse
readOnlybooleanmatchLabelsmap[string]string - readOnly here will force the NFS export to be mounted with read-only permissions. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].persistentVolumeClaim -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.spec.selector.matchExpressions[index] +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimspecselector) -persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -9638,31 +9985,42 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis - + - - + + + + + + +
claimNamekey string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ key is the label key that the selector applies to.
true
readOnlybooleanoperatorstring - readOnly Will force the ReadOnly setting in VolumeMounts. -Default false.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+
true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].photonPersistentDisk -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.status +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaim) -photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims @@ -9674,31 +10032,120 @@ photonPersistentDisk represents a PhotonController persistent disk attached and - - + + - + - + + + + + + + + + + + + + + + + + + + + +
pdIDstringaccessModes[]string - pdID is the ID that identifies Photon Controller persistent disk
+ accessModes contains the actual access modes the volume backing the PVC has. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
truefalse
fsTypeallocatedResourceStatusesmap[string]string + allocatedResourceStatuses stores status of resource being resized for the given PVC. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +ClaimResourceStatus can be in any of following states: + - ControllerResizeInProgress: + State set when resize controller starts resizing the volume in control-plane. + - ControllerResizeFailed: + State set when resize has failed in resize controller with a terminal error. + - NodeResizePending: + State set when resize controller has finished resizing the volume but further resizing of + volume is needed on the node. + - NodeResizeInProgress: + State set when kubelet starts resizing the volume. + - NodeResizeFailed: + State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + NodeResizeFailed. +For example: if expanding a PVC for more capacity - this field can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" +When this field is not set, it means that no resize operation is in progress for the given PVC. + + +A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus +should ignore the update for the purpose it was designed. 
For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
false
allocatedResourcesmap[string]int or string + allocatedResources tracks the resources allocated to a PVC including its capacity. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +Capacity reported here may be larger than the actual capacity when a volume expansion operation +is requested. +For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. +If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. +If a volume expansion capacity request is lowered, allocatedResources is only +lowered if there are no expansion operations in progress and if the actual volume capacity +is equal or lower than the requested capacity. + + +A controller that receives PVC update with previously unknown resourceName +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
false
capacitymap[string]int or string + capacity represents the actual resources of the underlying volume.
+
false
conditions[]object + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being +resized then the Condition will be set to 'ResizeStarted'.
+
false
phase string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ phase represents the current phase of PersistentVolumeClaim.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].portworxVolume -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.persistence.persistentVolumeClaim.status.conditions[index] +[↩ Parent](#k0smotroncontrolplanespecpersistencepersistentvolumeclaimstatus) -portworxVolume represents a portworx volume attached and mounted on kubelets host machine +PersistentVolumeClaimCondition contains details about state of pvc @@ -9710,39 +10157,63 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos - + - + + + + + + - - + + + + + + + + + + + +
volumeIDstatus string - volumeID uniquely identifies a Portworx volume
+
true
fsTypetype string - fSType represents the filesystem type to mount -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+
true
lastProbeTimestring + lastProbeTime is the time we probed the condition.
+
+ Format: date-time
false
readOnlybooleanlastTransitionTimestring - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ lastTransitionTime is the time the condition transitioned from one status to another.
+
+ Format: date-time
+
false
messagestring + message is the human-readable message indicating details about last transition.
+
false
reasonstring + reason is a unique, this should be a short, machine understandable string that gives the reason +for condition's last transition. If it reports "ResizeStarted" that means the underlying +persistent volume is being resized.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlane.spec.resources +[↩ Parent](#k0smotroncontrolplanespec) -projected items for all in one resources secrets, configmaps, and downward API +Resources describes the compute resource requirements for the control plane pods. @@ -9754,36 +10225,48 @@ projected items for all in one resources secrets, configmaps, and downward API - - + + - - + + + + + + +
defaultModeintegerclaims[]object - defaultMode are the mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
-
- Format: int32
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
false
sources[]objectlimitsmap[string]int or string - sources is the list of volume projections
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojected) +### K0smotronControlPlane.spec.resources.claims[index] +[↩ Parent](#k0smotroncontrolplanespecresources) -Projection that may be projected along with other supported volume types +ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -9795,43 +10278,24 @@ Projection that may be projected along with other supported volume types - - - - - - - - - - - - - - - - - + + - +
configMapobject - configMap information about the configMap data to project
-
false
downwardAPIobject - downwardAPI information about the downwardAPI data to project
-
false
secretobject - secret information about the secret data to project
-
false
serviceAccountTokenobjectnamestring - serviceAccountToken is information about the serviceAccountToken data to project
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
falsetrue
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].configMap -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) +### K0smotronControlPlane.spec.service +[↩ Parent](#k0smotroncontrolplanespec) -configMap information about the configMap data to project +Service defines the service configuration. @@ -9843,44 +10307,52 @@ configMap information about the configMap data to project - - + + + + + + + - - + + - - + +
items[]objecttypeenum - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ Service Type string describes ingress methods for a service
+
+ Enum: ClusterIP, NodePort, LoadBalancer
+ Default: ClusterIP
+
true
annotationsmap[string]string + Annotations defines extra annotations to be added to the service.
false
namestringapiPortinteger - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ APIPort defines the kubernetes API port. If empty k0smotron +will pick it automatically.
+
+ Default: 30443
false
optionalbooleankonnectivityPortinteger - optional specify whether the ConfigMap or its keys must be defined
+ KonnectivityPort defines the konnectivity port. If empty k0smotron +will pick it automatically.
+
+ Default: 30132
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].configMap.items[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexconfigmap) +### K0smotronControlPlane.status +[↩ Parent](#k0smotroncontrolplane) + -Maps a string key to a path within a volume. @@ -9892,46 +10364,45 @@ Maps a string key to a path within a volume. - - + + - - + + - - + + - + + + + + +
keystringcontrolPlaneReadyboolean - key is the key to project.
+
true
pathstringexternalManagedControlPlaneboolean - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+
true
modeintegerinitializedboolean - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.

- Format: int32
falsetrue
readyboolean + Ready denotes that the control plane is ready
+
true
+## K0smotronControlPlaneTemplate +[↩ Parent](#controlplaneclusterx-k8siov1beta1 ) + + + -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) -downwardAPI information about the downwardAPI data to project @@ -9943,22 +10414,39 @@ downwardAPI information about the downwardAPI data to project - - + + + + + + + + + + + + + + + + + + +
items[]objectapiVersionstringcontrolplane.cluster.x-k8s.io/v1beta1true
kindstringK0smotronControlPlaneTemplatetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject - Items is a list of DownwardAPIVolume file
+
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI.items[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexdownwardapi) +### K0smotronControlPlaneTemplate.spec +[↩ Parent](#k0smotroncontrolplanetemplate) + -DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -9970,51 +10458,22 @@ DownwardAPIVolumeFile represents information to create the file containing the p - - - - - - + - - - - - - - - - -
pathstring - Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
true
fieldReftemplate object - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
-
false
modeinteger - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.

- Format: int32
-
false
resourceFieldRefobject - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI.items[index].fieldRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) +### K0smotronControlPlaneTemplate.spec.template +[↩ Parent](#k0smotroncontrolplanetemplatespec) + -Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. @@ -10026,30 +10485,29 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa - - + + - + - - + +
fieldPathstringmetadataobject - Path of the field to select in the specified API version.
+
truefalse
apiVersionstringspecobject - Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ ClusterSpec defines the desired state of K0smotronCluster
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) +### K0smotronControlPlaneTemplate.spec.template.metadata +[↩ Parent](#k0smotroncontrolplanetemplatespectemplate) + -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. @@ -10061,136 +10519,50 @@ Selects a resource of the container: only resources limits and requests - - - - - - - + + - - + + - -
resourcestring - Required: resource to select
-
true
containerNamestringannotationsmap[string]string - Container name: required for volumes, optional for env vars
+
false
divisorint or stringfinalizers[]string - Specifies the output format of the exposed resources, defaults to "1"
+
false
- - -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].secret -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) - - - -secret information about the secret data to project - - - - - - - - - - - - - + + + - - - - - - -
NameTypeDescriptionRequired
items[]object
labelsmap[string]string - items if unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+
false
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
-
false
optionalboolean - optional field specify whether the Secret or its key must be defined
+
false
- - -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].secret.items[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexsecret) - - - -Maps a string key to a path within a volume. - - - - - - - - - - - - - - - - + - - - - -
NameTypeDescriptionRequired
keystring - key is the key to project.
-
true
pathnamespace string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
-
true
modeinteger - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.

- Format: int32
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].serviceAccountToken -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) +### K0smotronControlPlaneTemplate.spec.template.spec +[↩ Parent](#k0smotroncontrolplanetemplatespectemplate) -serviceAccountToken is information about the serviceAccountToken data to project +ClusterSpec defines the desired state of K0smotronCluster @@ -10202,212 +10574,161 @@ serviceAccountToken is information about the serviceAccountToken data to project - - + + - + - - + + - - + + - -
pathstringcertificateRefs[]object - path is the path relative to the mount point of the file to project the -token into.
+ CertificateRefs defines the certificate references.
truefalse
audiencestringcontrollerPlaneFlags[]string - audience is the intended audience of the token. A recipient of a token -must identify itself with an identifier specified in the audience of the -token, and otherwise should reject the token. The audience defaults to the -identifier of the apiserver.
+ ControlPlaneFlags allows to configure additional flags for k0s +control plane and to override existing ones. The default flags are +kept unless they are overriden explicitly. Flags with arguments must +be specified as a single string, e.g. --some-flag=argument
false
expirationSecondsintegeretcdobject - expirationSeconds is the requested duration of validity of the service -account token. As the token approaches expiration, the kubelet volume -plugin will proactively rotate the service account token. The kubelet will -start trying to rotate the token if the token is older than 80 percent of -its time to live or if the token is older than 24 hours.Defaults to 1 hour -and must be at least 10 minutes.
+ Etcd defines the etcd configuration.

- Format: int64
+ Default: map[image:quay.io/k0sproject/etcd:v3.5.13 persistence:map[]]
false
- - -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].quobyte -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) - - - -quobyte represents a Quobyte mount on the host that shares a pod's lifetime - - - - - - - - - - - - - - - - + - + - + - - + + - + - + - -
NameTypeDescriptionRequired
registrystring - registry represents a single or multiple Quobyte Registry services -specified as a string as host:port pair (multiple entries are separated with commas) -which acts as the central registry for volumes
-
true
volumeexternalAddress string - volume is a string that references an already created Quobyte volume by name.
+ ExternalAddress defines k0s external address. See https://docs.k0sproject.io/stable/configuration/#specapi +Will be detected automatically for service type LoadBalancer.
truefalse
groupimage string - group to map volume access to -Default is no group
+ Image defines the k0s image to be deployed. If empty k0smotron +will pick it automatically. Must not include the image tag.
+
+ Default: k0sproject/k0s
false
readOnlybooleank0sConfigobject - readOnly here will force the Quobyte volume to be mounted with read-only permissions. -Defaults to false.
+ k0sConfig defines the k0s configuration. Note, that some fields will be overwritten by k0smotron. +If empty, will be used default configuration. @see https://docs.k0sproject.io/stable/configuration/
false
tenantkineDataSourceSecretName string - tenant owning the given Quobyte volume in the Backend -Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ KineDataSourceSecretName defines the name of kine datasource URL secret. +KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup +and one of them must be set if replicas > 1.
false
userkineDataSourceURL string - user to map volume access to -Defaults to serivceaccount user
+ KineDataSourceURL defines the kine datasource URL. +KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup +and one of them must be set if replicas > 1.
false
- - -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].rbd -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) - - - -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md - - - - - - - - - - - - - + + + - + - - + + - + - - + + - - + + - - + + - - + + - + - +
NameTypeDescriptionRequired
imagestring
manifests[]object - image is the rados image name. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ Manifests allows to specify list of volumes with manifests to be +deployed in the cluster. The volumes will be mounted +in /var/lib/k0s/manifests/, for this reason each +manifest is a stack. K0smotron allows any kind of volume, but the +recommendation is to use secrets and configmaps. +For more information check: +https://docs.k0sproject.io/stable/manifests/ and +https://kubernetes.io/docs/concepts/storage/volumes
truefalse
monitors[]stringmonitoringobject - monitors is a collection of Ceph monitors. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ Monitoring defines the monitoring configuration.
truefalse
fsTypestringmounts[]object - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd -TODO: how do we prevent errors in the filesystem from compromising the machine
+ Mounts allows to specify list of volumes with any files to be +mounted in the controlplane pod. K0smotron allows any kind of volume, but the +recommendation is to use secrets and configmaps. +For more information check: +https://kubernetes.io/docs/concepts/storage/volumes
false
keyringstringpersistenceobject - keyring is the path to key ring for RBDUser. -Default is /etc/ceph/keyring. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ Persistence defines the persistence configuration. If empty k0smotron +will use emptyDir as a volume.
false
poolstringreplicasinteger - pool is the rados pool name. -Default is rbd. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ Replicas is the desired number of replicas of the k0s control planes. +If unspecified, defaults to 1. If the value is above 1, k0smotron requires kine datasource URL to be set. +Recommended value is 3.
+
+ Format: int32
+ Default: 1
false
readOnlybooleanresourcesobject - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ Resources describes the compute resource requirements for the control plane pods.
false
secretRefservice object - secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ Service defines the service configuration.
+
+ Default: map[apiPort:30443 konnectivityPort:30132 type:ClusterIP]
false
userversion string - user is the rados user name. -Default is admin. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ Version defines the k0s version to be deployed. If empty k0smotron +will pick it automatically.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].rbd.secretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexrbd) +### K0smotronControlPlaneTemplate.spec.template.spec.certificateRefs[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) + -secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -10419,24 +10740,31 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + + + + +
typeenum +
+
+ Enum: ca, sa, proxy, etcd, apiserver-etcd-client, etcd-peer, etcd-server
+
true
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].scaleIO -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlaneTemplate.spec.template.spec.etcd +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) -scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +Etcd defines the etcd configuration. @@ -10448,93 +10776,38 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - + +
gatewaystring - gateway is the host address of the ScaleIO API Gateway.
-
true
secretRefobject - secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail.
-
true
systemimage string - system is the name of the storage system as configured in ScaleIO.
+ Image defines the etcd image to be deployed.
+
+ Default: quay.io/k0sproject/etcd:v3.5.13
true
fsTypestring - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". -Default is "xfs".
-
false
protectionDomainstring - protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-
false
readOnlyboolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
-
false
sslEnabledboolean - sslEnabled Flag enable/disable SSL communication with Gateway, default false
-
false
storageModestring - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. -Default is ThinProvisioned.
-
false
storagePoolstringargs[]string - storagePool is the ScaleIO Storage Pool associated with the protection domain.
+ Args defines the etcd arguments.
false
volumeNamestringpersistenceobject - volumeName is the name of a volume already created in the ScaleIO system -that is associated with this volume source.
+ Persistence defines the persistence configuration.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].scaleIO.secretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexscaleio) +### K0smotronControlPlaneTemplate.spec.template.spec.etcd.persistence +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecetcd) -secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail. +Persistence defines the persistence configuration. @@ -10546,25 +10819,31 @@ sensitive information. If this is not provided, Login operation will fail. - + + + + + +
namesizeint or string + Size defines the size of the etcd volume. Default: 1Gi
+
+ Default: 1Gi
+
false
storageClass string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ StorageClass defines the storage class to be used for etcd persistence. If empty, will be used the default storage class.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].secret -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) -secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +Volume represents a named volume in a pod that may be accessed by any container in the pod. @@ -10576,204 +10855,281 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - - + + - + - - + + - - + + - - + + - -
defaultModeintegernamestring - defaultMode is Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values -for mode bits. Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
-
- Format: int32
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
falsetrue
items[]objectawsElasticBlockStoreobject - items If unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
optionalbooleanazureDiskobject - optional field specify whether the Secret or its keys must be defined
+ azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
false
secretNamestringazureFileobject - secretName is the name of the secret in the pod's namespace to use. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ azureFile represents an Azure File Service mount on the host and bind mount to the pod.
false
- - -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].secret.items[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexsecret) - - - -Maps a string key to a path within a volume. - - - - - - - - - - - - - + + + - + - - + + - + - - + + - -
NameTypeDescriptionRequired
keystring
cephfsobject - key is the key to project.
+ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
truefalse
pathstringcinderobject - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
truefalse
modeintegerconfigMapobject - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
-
- Format: int32
+ configMap represents a configMap that should populate this volume
false
+ + csi + object + + csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+ + false + + downwardAPI + object + + downwardAPI represents downward API about the pod that should populate this volume
+ + false + + emptyDir + object + + emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ + false + + ephemeral + object + + ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].storageos -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. -storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - - - - - - - - - - - - +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
+ + + + + - - + + - + - - + + - - + + - -
NameTypeDescriptionRequired
fsTypestringfalse
fcobject - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
false
readOnlybooleanflexVolumeobject - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
false
secretRefflocker object - secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted.
+ flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
false
volumeNamestringgcePersistentDiskobject - volumeName is the human-readable name of the StorageOS volume. Volume -names are only unique within a namespace.
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false
volumeNamespacestringgitRepoobject - volumeNamespace specifies the scope of the volume within StorageOS. If no -namespace is specified then the Pod's namespace will be used. This allows the -Kubernetes name scoping to be mirrored within StorageOS for tighter integration. -Set VolumeName to any name to override the default behaviour. -Set to "default" if you are not using namespaces within StorageOS. -Namespaces that do not pre-exist within StorageOS will be created.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
false
- - -### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].storageos.secretRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexstorageos) - - - -secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted. - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring
glusterfsobject - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
+
false
hostPathobject + hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
+
false
iscsiobject + iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
+
false
nfsobject + nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
false
persistentVolumeClaimobject + persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
false
photonPersistentDiskobject + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+
false
portworxVolumeobject + portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+
false
projectedobject + projected items for all in one resources secrets, configmaps, and downward API
+
false
quobyteobject + quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+
false
rbdobject + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
+
false
scaleIOobject + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+
false
secretobject + secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
false
storageosobject + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+
false
vsphereVolumeobject + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
false
-### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].vsphereVolume +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].awsElasticBlockStore [↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -10785,45 +11141,54 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host - + - - + + - - + +
volumePathvolumeID string - volumePath is the path that identifies vSphere volume vmdk
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
true
fsType string - fsType is filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
false
storagePolicyIDstringpartitioninteger - storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+ Format: int32
false
storagePolicyNamestringreadOnlyboolean - storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
-### K0smotronControlPlaneTemplate.spec.template.spec.monitoring -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].azureDisk +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -Monitoring defines the monitoring configuration. +azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. @@ -10835,42 +11200,60 @@ Monitoring defines the monitoring configuration. - - + + - + - + - + + + + + + + + + + + + + + + +
enabledbooleandiskNamestring - Enabled enables prometheus sidecar that scrapes metrics from the child cluster system components and expose -them as usual kubernetes pod metrics.
+ diskName is the Name of the data disk in the blob storage
true
prometheusImagediskURI string - PrometheusImage defines the image used for the prometheus sidecar.
-
- Default: quay.io/k0sproject/prometheus:v2.44.0
+ diskURI is the URI of data disk in the blob storage
true
proxyImagecachingMode string - ProxyImage defines the image used for the nginx proxy sidecar.
-
- Default: nginx:1.19.10
+ cachingMode is the Host Caching mode: None, Read Only, Read Write.
truefalse
fsTypestring + fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
kindstring + kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
+
false
readOnlyboolean + readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].azureFile +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -Persistence defines the persistence configuration. If empty k0smotron -will use emptyDir as a volume. +azureFile represents an Azure File Service mount on the host and bind mount to the pod. @@ -10882,38 +11265,37 @@ will use emptyDir as a volume. - + - + - + - - + +
typesecretName string -
-
- Default: emptyDir
+ secretName is the name of secret that contains Azure Storage Account Name and Key
true
hostPathshareName string - HostPath defines the host path configuration. Will be used as is in case of .spec.persistence.type is hostPath.
+ shareName is the azure share Name
falsetrue
persistentVolumeClaimobjectreadOnlyboolean - PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistence) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cephfs +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc. +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -10925,62 +11307,64 @@ PersistentVolumeClaim defines the PVC configuration. Will be used as is in case - + + + + + + - - + + - - + + - + - - + +
apiVersionmonitors[]string + monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
true
path string - APIVersion defines the versioned schema of this representation of an object. -Servers should convert recognized schemas to the latest internal value, and -may reject unrecognized values. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
false
kindstringreadOnlyboolean - Kind is a string value representing the REST resource this object represents. -Servers may infer this from the endpoint the client submits requests to. -Cannot be updated. -In CamelCase. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
metadataobjectsecretFilestring - Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
specsecretRef object - spec defines the desired characteristics of a volume requested by a pod author. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
statusobjectuserstring - status represents the current information/status of a persistent volume claim. -Read-only. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.metadata -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaim) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cephfs.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexcephfs) -Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -10992,51 +11376,25 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- - - - - - - - - - - - - - - - - - - - -
annotationsmap[string]string -
-
false
finalizers[]string -
-
false
labelsmap[string]string -
-
false
name string -
-
false
namespacestring -
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaim) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cinder +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -spec defines the desired characteristics of a volume requested by a pod author. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -11048,114 +11406,80 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis - - + + - + - - + + - - - - - - - + + - + - - - - - - - - - - - - + +
accessModes[]stringvolumeIDstring - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
falsetrue
dataSourceobjectfsTypestring - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
-
false
dataSourceRefobject - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
resourcesobjectreadOnlyboolean - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
selectorsecretRef object - selector is a label query over volumes to consider for binding.
-
false
storageClassNamestring - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
-
false
volumeModestring - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
false
volumeName
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].cinder.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexcinder) + + + +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack. + + + + + + + + + + + +
NameTypeDescriptionRequired
name string - volumeName is the binding reference to the PersistentVolume backing this claim.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.dataSource -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].configMap +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +configMap represents a configMap that should populate this volume @@ -11167,60 +11491,59 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour - - + + - + + + + + + - + - - + +
kindstringdefaultModeinteger - Kind is the type of resource being referenced
+ defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
truefalse
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
name string - Name is the name of resource being referenced
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
apiGroupstringoptionalboolean - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ optional specify whether the ConfigMap or its keys must be defined
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.dataSourceRef -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].configMap.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexconfigmap) -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +Maps a string key to a path within a volume. 
@@ -11232,51 +11555,46 @@ There are three important differences between dataSource and dataSourceRef: - + - + - - - - - - - + +
kindkey string - Kind is the type of resource being referenced
+ key is the key to project.
true
namepath string - Name is the name of resource being referenced
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
true
apiGroupstring - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
-
false
namespacestringmodeinteger - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.resources -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].csi +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). @@ -11288,48 +11606,63 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour - - + + + + + + + - - + + - - + + + + + + +
claims[]objectdriverstring - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
+
true
fsTypestring + fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
false
limitsmap[string]int or stringnodePublishSecretRefobject - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
false
requestsmap[string]int or stringreadOnlyboolean - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
+
false
volumeAttributesmap[string]string + volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.resources.claims[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspecresources) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].csi.nodePublishSecretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexcsi) -ResourceClaim references one entry in PodSpec.ResourceClaims. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed. @@ -11344,21 +11677,21 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. - +
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.selector -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -selector is a label query over volumes to consider for binding. +downwardAPI represents downward API about the pod that should populate this volume @@ -11370,32 +11703,38 @@ selector is a label query over volumes to consider for binding. - - + + - - + +
matchExpressions[]objectdefaultModeinteger - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
matchLabelsmap[string]stringitems[]object - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Items is a list of downward API volume file
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.selector.matchExpressions[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspecselector) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexdownwardapi) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -11407,42 +11746,51 @@ relates the key and values. - + - - + + - + - - + + + + + + +
keypath string - key is the label key that the selector applies to.
+ Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
true
operatorstringfieldRefobject - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
truefalse
values[]stringmodeinteger - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.status -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaim) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI.items[index].fieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexdownwardapiitemsindex) -status represents the current information/status of a persistent volume claim. -Read-only. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. @@ -11454,120 +11802,72 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis - - + + - + - - + + - - - - +
accessModes[]stringfieldPathstring - accessModes contains the actual access modes the volume backing the PVC has. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ Path of the field to select in the specified API version.
falsetrue
allocatedResourceStatusesmap[string]stringapiVersionstring - allocatedResourceStatuses stores status of resource being resized for the given PVC. -Key names follow standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" -Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered -reserved and hence may not be used. - - -ClaimResourceStatus can be in any of following states: - - ControllerResizeInProgress: - State set when resize controller starts resizing the volume in control-plane. - - ControllerResizeFailed: - State set when resize has failed in resize controller with a terminal error. - - NodeResizePending: - State set when resize controller has finished resizing the volume but further resizing of - volume is needed on the node. - - NodeResizeInProgress: - State set when kubelet starts resizing the volume. - - NodeResizeFailed: - State set when resizing has failed in kubelet with a terminal error. Transient errors don't set - NodeResizeFailed. -For example: if expanding a PVC for more capacity - this field can be one of the following states: - - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" - - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" - - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" -When this field is not set, it means that no resize operation is in progress for the given PVC. - - -A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus -should ignore the update for the purpose it was designed. 
For example - a controller that -only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid -resources associated with PVC. - - -This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
allocatedResourcesmap[string]int or string - allocatedResources tracks the resources allocated to a PVC including its capacity. -Key names follow standard Kubernetes label syntax. Valid values are either: - * Un-prefixed keys: - - storage - the capacity of the volume. - * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" -Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered -reserved and hence may not be used. +
-Capacity reported here may be larger than the actual capacity when a volume expansion operation -is requested. -For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. -If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. -If a volume expansion capacity request is lowered, allocatedResources is only -lowered if there are no expansion operations in progress and if the actual volume capacity -is equal or lower than the requested capacity. +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexdownwardapiitemsindex) -A controller that receives PVC update with previously unknown resourceName -should ignore the update for the purpose it was designed. For example - a controller that -only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid -resources associated with PVC. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. -This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
- - false - - capacity - map[string]int or string + + + + + + + + + + + + - + - - + + - - + +
NameTypeDescriptionRequired
resourcestring - capacity represents the actual resources of the underlying volume.
+ Required: resource to select
falsetrue
conditions[]objectcontainerNamestring - conditions is the current Condition of persistent volume claim. If underlying persistent volume is being -resized then the Condition will be set to 'ResizeStarted'.
+ Container name: required for volumes, optional for env vars
false
phasestringdivisorint or string - phase represents the current phase of PersistentVolumeClaim.
+ Specifies the output format of the exposed resources, defaults to "1"
false
-### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.status.conditions[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimstatus) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].emptyDir +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -PersistentVolumeClaimCondition contains details about state of pvc +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -11579,63 +11879,64 @@ PersistentVolumeClaimCondition contains details about state of pvc - + - + - - - - - - - - - - - - - - - - - - - - - - + +
statusmedium string -
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
truefalse
typestring - PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
-
true
lastProbeTimestring - lastProbeTime is the time we probed the condition.
-
- Format: date-time
-
false
lastTransitionTimestring - lastTransitionTime is the time the condition transitioned from one status to another.
-
- Format: date-time
-
false
messagestring - message is the human-readable message indicating details about last transition.
-
false
reasonstringsizeLimitint or string - reason is a unique, this should be a short, machine understandable string that gives the reason -for condition's last transition. If it reports "ResizeStarted" that means the underlying -persistent volume is being resized.
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
-### K0smotronControlPlaneTemplate.spec.template.spec.resources -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -Resources describes the compute resource requirements for the control plane pods. +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time. @@ -11647,48 +11948,68 @@ Resources describes the compute resource requirements for the control plane pods - - + + - - - - - - - - - -
claims[]objectvolumeClaimTemplateobject - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. + Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. -This field is immutable. It can only be set for containers.
-
false
limitsmap[string]int or string - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-
false
requestsmap[string]int or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
false
-### K0smotronControlPlaneTemplate.spec.template.spec.resources.claims[index] -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecresources) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeral) -ResourceClaim references one entry in PodSpec.ResourceClaims. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. @@ -11700,24 +12021,37 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. - - + + + + + + +
namestringspecobject - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
true
metadataobject + May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
+
false
-### K0smotronControlPlaneTemplate.spec.template.spec.service -[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplate) -Service defines the service configuration. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. @@ -11729,69 +12063,114 @@ Service defines the service configuration. - - + + - + - - + + - - + + - - + + + + + + + + + + + + + + + + + + + + + +
typeenumaccessModes[]string - Service Type string describes ingress methods for a service
-
- Enum: ClusterIP, NodePort, LoadBalancer
- Default: ClusterIP
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
truefalse
annotationsmap[string]stringdataSourceobject - Annotations defines extra annotations to be added to the service.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
false
apiPortintegerdataSourceRefobject - APIPort defines the kubernetes API port. If empty k0smotron -will pick it automatically.
-
- Default: 30443
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
false
konnectivityPortintegerresourcesobject - KonnectivityPort defines the konnectivity port. If empty k0smotron -will pick it automatically.
-
- Default: 30132
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+
false
selectorobject + selector is a label query over volumes to consider for binding.
+
false
storageClassNamestring + storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
false
volumeModestring + volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
+
false
volumeNamestring + volumeName is the binding reference to the PersistentVolume backing this claim.
false
-# infrastructure.cluster.x-k8s.io/v1beta1 - -Resource Types: - -- [PooledRemoteMachine](#pooledremotemachine) - -- [RemoteCluster](#remotecluster) - -- [RemoteMachine](#remotemachine) - -- [RemoteMachineTemplate](#remotemachinetemplate) - - - - -## PooledRemoteMachine -[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) - - - +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSource +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. @@ -11803,46 +12182,60 @@ Resource Types: - - - - - - - - - - - - - - - - + + + + - - + + - + - - + +
apiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringPooledRemoteMachinetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.truekindstring + Kind is the type of resource being referenced
+
true
specobjectnamestring -
+ Name is the name of resource being referenced
falsetrue
statusobjectapiGroupstring -
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
false
-### PooledRemoteMachine.spec -[↩ Parent](#pooledremotemachine) - +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. @@ -11854,29 +12247,51 @@ Resource Types: - - + + - + + + + + + + + + + +
machineobjectkindstring -
+ Kind is the type of resource being referenced
true
poolname string -
+ Name is the name of resource being referenced
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
+
false
namespacestring + Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
-### PooledRemoteMachine.spec.machine -[↩ Parent](#pooledremotemachinespec) - +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -11888,49 +12303,48 @@ Resource Types: - - - - - - - + + - + - - + + - - + +
addressstring - Address is the IP address or DNS name of the remote machine.
-
true
sshKeyRefobjectclaims[]object - SSHKeyRef is a reference to a secret that contains the SSH private key. -The key must be placed on the secret using the key "value".
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
truefalse
portintegerlimitsmap[string]int or string - Port is the SSH port of the remote machine.
-
- Default: 22
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
userstringrequestsmap[string]int or string - User is the user to use when connecting to the remote machine.
-
- Default: root
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
-### PooledRemoteMachine.spec.machine.sshKeyRef -[↩ Parent](#pooledremotemachinespecmachine) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespecresources) -SSHKeyRef is a reference to a secret that contains the SSH private key. -The key must be placed on the secret using the key "value". +ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -11945,19 +12359,21 @@ The key must be placed on the secret using the key "value".
name string - Name is the name of the secret.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
true
-### PooledRemoteMachine.status -[↩ Parent](#pooledremotemachine) - +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespec) +selector is a label query over volumes to consider for binding. @@ -11969,29 +12385,32 @@ The key must be placed on the secret using the key "value". - - + + - + - - + + - +
machineRefobjectmatchExpressions[]object -
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
truefalse
reservedbooleanmatchLabelsmap[string]string -
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
truefalse
-### PooledRemoteMachine.status.machineRef -[↩ Parent](#pooledremotemachinestatus) - +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplatespecselector) +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -12003,31 +12422,42 @@ The key must be placed on the secret using the key "value". - + - + - -
namekey string -
+ key is the label key that the selector applies to.
true
namespaceoperator string -
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
true
- -## RemoteCluster -[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) - - + + values + []string + + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+ + false + + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].ephemeral.volumeClaimTemplate.metadata +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexephemeralvolumeclaimtemplate) +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. @@ -12039,46 +12469,50 @@ The key must be placed on the secret using the key "value". - - - - - - - - - - - - - - - - + + + + - - + + - - + + + + + + + + + + + +
apiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringRemoteClustertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.trueannotationsmap[string]string +
+
false
specobjectfinalizers[]string - RemoteClusterSpec defines the desired state of RemoteCluster
+
false
statusobjectlabelsmap[string]string - RemoteClusterStatus defines the observed state of RemoteCluster
+
+
false
namestring +
+
false
namespacestring +
false
-### RemoteCluster.spec -[↩ Parent](#remotecluster) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].fc +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -RemoteClusterSpec defines the desired state of RemoteCluster +fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. @@ -12090,22 +12524,58 @@ RemoteClusterSpec defines the desired state of RemoteCluster - - + + - + + + + + + + + + + + + + + + + + + + + +
controlPlaneEndpointobjectfsTypestring - APIEndpoint represents a reachable Kubernetes API endpoint.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
truefalse
luninteger + lun is Optional: FC target lun number
+
+ Format: int32
+
false
readOnlyboolean + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
targetWWNs[]string + targetWWNs is Optional: FC target worldwide names (WWNs)
+
false
wwids[]string + wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
false
-### RemoteCluster.spec.controlPlaneEndpoint -[↩ Parent](#remoteclusterspec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].flexVolume +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -APIEndpoint represents a reachable Kubernetes API endpoint. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin. @@ -12117,31 +12587,61 @@ APIEndpoint represents a reachable Kubernetes API endpoint. - + - - + + - + + + + + + + + + + + + + + + +
hostdriver string - The hostname on which the API server is serving.
+ driver is the name of the driver to use for this volume.
true
portintegerfsTypestring - The port on which the API server is serving.
-
- Format: int32
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
truefalse
optionsmap[string]string + options is Optional: this field holds extra command options if any.
+
false
readOnlyboolean + readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
secretRefobject + secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
+
false
-### RemoteCluster.status -[↩ Parent](#remotecluster) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].flexVolume.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexflexvolume) -RemoteClusterStatus defines the observed state of RemoteCluster +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts. @@ -12153,26 +12653,24 @@ RemoteClusterStatus defines the observed state of RemoteCluster - - + + - +
readybooleannamestring - Ready denotes that the remote cluster is ready to be used.
-
- Default: false
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
-## RemoteMachine -[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) - - - +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].flocker +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running @@ -12184,46 +12682,32 @@ RemoteClusterStatus defines the observed state of RemoteCluster - - - - - - - - - - - - - - - - - - - + + - - + +
apiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringRemoteMachinetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobjectdatasetNamestring - RemoteMachineSpec defines the desired state of RemoteMachine
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
false
statusobjectdatasetUUIDstring - RemoteMachineStatus defines the observed state of RemoteMachine
+ datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
false
-### RemoteMachine.spec -[↩ Parent](#remotemachine) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].gcePersistentDisk +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -RemoteMachineSpec defines the desired state of RemoteMachine +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -12235,76 +12719,104 @@ RemoteMachineSpec defines the desired state of RemoteMachine - + - + - + - + - - - - - - - + + - - - + +
addresspdName string - Address is the IP address or DNS name of the remote machine.
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
falsetrue
poolfsType string - Pool is the name of the pool where the machine belongs to.
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
false
portpartition integer - Port is the SSH port of the remote machine.
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

- Default: 22
-
false
providerIDstring - ProviderID is the ID of the machine in the provider.
+ Format: int32
false
provisionJobobjectreadOnlyboolean - ProvisionJob describes the kubernetes Job to use to provision the machine.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false
sshKeyRefobject
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].gitRepo +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container. + + + + + + + + + + + + + - + - - + + - +
NameTypeDescriptionRequired
repositorystring - SSHKeyRef is a reference to a secret that contains the SSH private key. -The key must be placed on the secret using the key "value".
+ repository is the URL
falsetrue
useSudobooleandirectorystring -
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
false
userrevision string - User is the user to use when connecting to the remote machine.
-
- Default: root
+ revision is the commit hash for the specified revision.
false
-### RemoteMachine.spec.provisionJob -[↩ Parent](#remotemachinespec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].glusterfs +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -ProvisionJob describes the kubernetes Job to use to provision the machine. +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md @@ -12316,40 +12828,47 @@ ProvisionJob describes the kubernetes Job to use to provision the machine. - - + + - + - + - + - - + +
jobSpecTemplateobjectendpointsstring - JobTemplate is the job template to use to provision the machine.
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
falsetrue
scpCommandpath string -
-
- Default: scp
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
falsetrue
sshCommandstringreadOnlyboolean -
-
- Default: ssh
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate -[↩ Parent](#remotemachinespecprovisionjob) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].hostPath +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -JobTemplate is the job template to use to provision the machine. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write. @@ -12361,32 +12880,35 @@ JobTemplate is the job template to use to provision the machine. - - + + - + - - + +
metadataobjectpathstring - Standard object's metadata of the jobs created from this template. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
falsetrue
specobjecttypestring - Specification of the desired behavior of the job. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.metadata -[↩ Parent](#remotemachinespecprovisionjobjobspectemplate) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].iscsi +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -Standard object's metadata of the jobs created from this template. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -12398,51 +12920,104 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- - - + + + + + + + + + + + + + + + + + - - + + - - + + - + - + + + + + + + + + + + + + + + +
annotationsmap[string]stringiqnstring + iqn is the target iSCSI Qualified Name.
+
true
luninteger + lun represents iSCSI Target Lun number.

+ Format: int32
+
true
targetPortalstring + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
+
true
chapAuthDiscoveryboolean + chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
false
finalizers[]stringchapAuthSessionboolean -
+ chapAuthSession defines whether support iSCSI Session CHAP authentication
false
labelsmap[string]stringfsTypestring -
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
false
nameinitiatorName string -
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
false
namespaceiscsiInterface string -
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
+
false
portals[]string + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
+
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
+
false
secretRefobject + secretRef is the CHAP Secret for iSCSI target and initiator authentication
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplate) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].iscsi.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexiscsi) -Specification of the desired behavior of the job. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -12454,228 +13029,188 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- - - - - - - - + + - - - - - - - - - - - - - - +
templateobject - Describes the pod that will be created when executing a job. -The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". -More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
-
true
activeDeadlineSecondsintegernamestring - Specifies the duration in seconds relative to the startTime that the job -may be continuously active before the system tries to terminate it; value -must be positive integer. If a Job is suspended (at creation or through an -update), this timer will effectively be stopped and reset when the Job is -resumed again.
-
- Format: int64
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
backoffLimitinteger - Specifies the number of retries before marking this job failed. -Defaults to 6
-
- Format: int32
-
false
backoffLimitPerIndexinteger - Specifies the limit for the number of retries within an -index before marking this index as failed. When enabled the number of -failures per index is kept in the pod's -batch.kubernetes.io/job-index-failure-count annotation. It can only -be set when Job's completionMode=Indexed, and the Pod's restart -policy is Never. The field is immutable. -This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` -feature gate is enabled (disabled by default).
-
- Format: int32
-
false
completionModestring - completionMode specifies how Pod completions are tracked. It can be -`NonIndexed` (default) or `Indexed`. +
-`NonIndexed` means that the Job is considered complete when there have -been .spec.completions successfully completed Pods. Each Pod completion is -homologous to each other. +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].nfs +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -`Indexed` means that the Pods of a -Job get an associated completion index from 0 to (.spec.completions - 1), -available in the annotation batch.kubernetes.io/job-completion-index. -The Job is considered complete when there is one successfully completed Pod -for each index. -When value is `Indexed`, .spec.completions must be specified and -`.spec.parallelism` must be less than or equal to 10^5. -In addition, The Pod name takes the form -`$(job-name)-$(index)-$(random-string)`, -the Pod hostname takes the form `$(job-name)-$(index)`. +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs -More completion modes can be added in the future. -If the Job controller observes a mode that it doesn't recognize, which -is possible during upgrades due to version skew, the controller -skips updates for the Job.
+ + + + + + + + + + + + + - + - - + + - + - + - - - + +
NameTypeDescriptionRequired
pathstring + path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
falsetrue
completionsintegerserverstring - Specifies the desired number of successfully finished pods the -job should be run with. Setting to null means that the success of any -pod signals the success of all pods, and allows parallelism to have any positive -value. Setting to 1 means that parallelism is limited to 1 and the success of that -pod signals the success of the job. -More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
-
- Format: int32
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
falsetrue
manualSelectorreadOnly boolean - manualSelector controls generation of pod labels and pod selectors. -Leave `manualSelector` unset unless you are certain what you are doing. -When false or unset, the system pick labels unique to this job -and appends those labels to the pod template. When true, -the user is responsible for picking unique labels and specifying -the selector. Failure to pick a unique label may cause this -and other jobs to not function correctly. However, You may see -`manualSelector=true` in jobs that were created with the old `extensions/v1beta1` -API. -More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false
maxFailedIndexesinteger
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].persistentVolumeClaim +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + + + + + + + + + + + + + - + - - + + - - - - +
NameTypeDescriptionRequired
claimNamestring - Specifies the maximal number of failed indexes before marking the Job as -failed, when backoffLimitPerIndex is set. Once the number of failed -indexes exceeds this number the entire Job is marked as Failed and its -execution is terminated. When left as null the job continues execution of -all of its indexes and is marked with the `Complete` Job condition. -It can only be specified when backoffLimitPerIndex is set. -It can be null or up to completions. It is required and must be -less than or equal to 10^4 when is completions greater than 10^5. -This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` -feature gate is enabled (disabled by default).
-
- Format: int32
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
falsetrue
parallelismintegerreadOnlyboolean - Specifies the maximum desired number of pods the job should -run at any given time. The actual number of pods running in steady state will -be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), -i.e. when the work left to do is less than max parallelism. -More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
-
- Format: int32
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
false
podFailurePolicyobject - Specifies the policy of handling failed pods. In particular, it allows to -specify the set of actions and conditions which need to be -satisfied to take the associated action. -If empty, the default behaviour applies - the counter of failed pods, -represented by the jobs's .status.failed field, is incremented and it is -checked against the backoffLimit. This field cannot be used in combination -with restartPolicy=OnFailure. +
-This field is beta-level. It can be used when the `JobPodFailurePolicy` -feature gate is enabled (enabled by default).
+### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].photonPersistentDisk +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + + + + + + + + + + + + + + - + - + - - - + +
NameTypeDescriptionRequired
pdIDstring + pdID is the ID that identifies Photon Controller persistent disk
falsetrue
podReplacementPolicyfsType string - podReplacementPolicy specifies when to create replacement Pods. -Possible values are: -- TerminatingOrFailed means that we recreate pods - when they are terminating (has a metadata.deletionTimestamp) or failed. -- Failed means to wait until a previously created Pod is fully terminated (has phase - Failed or Succeeded) before creating a replacement Pod. - - -When using podFailurePolicy, Failed is the the only allowed value. -TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. -This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
selectorobject
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].portworxVolume +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +portworxVolume represents a portworx volume attached and mounted on kubelets host machine + + + + + + + + + + + + + - + - - + + - - + +
NameTypeDescriptionRequired
volumeIDstring - A label query over pods that should match the pod count. -Normally, the system sets this field for you. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+ volumeID uniquely identifies a Portworx volume
falsetrue
suspendbooleanfsTypestring - suspend specifies whether the Job controller should create Pods or not. If -a Job is created with suspend set to true, no Pods are created by the Job -controller. If a Job is suspended after creation (i.e. the flag goes from -false to true), the Job controller will delete all active Pods associated -with this Job. Users must design their workload to gracefully handle this. -Suspending a Job will reset the StartTime field of the Job, effectively -resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
false
ttlSecondsAfterFinishedintegerreadOnlyboolean - ttlSecondsAfterFinished limits the lifetime of a Job that has finished -execution (either Complete or Failed). If this field is set, -ttlSecondsAfterFinished after the Job finishes, it is eligible to be -automatically deleted. When the Job is being deleted, its lifecycle -guarantees (e.g. finalizers) will be honored. If this field is unset, -the Job won't be automatically deleted. If this field is set to zero, -the Job becomes eligible to be deleted immediately after it finishes.
-
- Format: int32
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespec) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -Describes the pod that will be created when executing a job. -The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". -More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ +projected items for all in one resources secrets, configmaps, and downward API @@ -12687,32 +13222,36 @@ More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to - - + + - - + +
metadataobjectdefaultModeinteger - Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
specobjectsources[]object - Specification of the desired behavior of the pod. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+ sources is the list of volume projections
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.metadata -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplate) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojected) -Standard object's metadata. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata +Projection that may be projected along with other supported volume types @@ -12724,51 +13263,43 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- - - - - - - - + + - - + + - - + + - - + +
annotationsmap[string]string -
-
false
finalizers[]stringconfigMapobject -
+ configMap information about the configMap data to project
false
labelsmap[string]stringdownwardAPIobject -
+ downwardAPI information about the downwardAPI data to project
false
namestringsecretobject -
+ secret information about the secret data to project
false
namespacestringserviceAccountTokenobject -
+ serviceAccountToken is information about the serviceAccountToken data to project
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplate) +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].configMap +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) -Specification of the desired behavior of the pod. -More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status +configMap information about the configMap data to project @@ -12780,440 +13311,9826 @@ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api- - + - - - - - - - + + - + - - - + +
containersitems []object - List of containers belonging to the pod. -Containers cannot currently be added or removed. -There must be at least one container in a Pod. -Cannot be updated.
-
true
activeDeadlineSecondsinteger - Optional duration in seconds the pod may be active on the node relative to -StartTime before the system will actively try to mark it failed and kill associated containers. -Value must be a positive integer.
-
- Format: int64
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
false
affinityobjectnamestring - If specified, the pod's scheduling constraints
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
automountServiceAccountTokenoptional boolean - AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+ optional specify whether the ConfigMap or its keys must be defined
false
dnsConfigobject
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].configMap.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexconfigmap) + + + +Maps a string key to a path within a volume. + + + + + + + + + + + + + - + - + - + - - + + - - + +
NameTypeDescriptionRequired
keystring - Specifies the DNS parameters of a pod. -Parameters specified here will be merged to the generated DNS -configuration based on DNSPolicy.
+ key is the key to project.
falsetrue
dnsPolicypath string - Set DNS policy for the pod. -Defaults to "ClusterFirst". -Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. -DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. -To have DNS options set along with hostNetwork, you have to specify DNS policy -explicitly to 'ClusterFirstWithHostNet'.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
falsetrue
enableServiceLinksbooleanmodeinteger - EnableServiceLinks indicates whether information about services should be injected into pod's -environment variables, matching the syntax of Docker links. -Optional: Defaults to true.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
ephemeralContainers
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) + + + +downwardAPI information about the downwardAPI data to project + + + + + + + + + + + + - - - + +
NameTypeDescriptionRequired
items []object - List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing -pod to perform user-initiated actions such as debugging. This list cannot be specified when -creating a pod, and it cannot be modified by updating the pod spec. In order to add an -ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+ Items is a list of DownwardAPIVolume file
false
hostAliases[]object
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexdownwardapi) + + + +DownwardAPIVolumeFile represents information to create the file containing the pod field + + + + + + + + + + + + + - + - - + + - - - + + - - + + + +
NameTypeDescriptionRequired
pathstring - HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts -file if specified. This is only valid for non-hostNetwork pods.
+ Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
falsetrue
hostIPCbooleanfieldRefobject - Use the host's ipc namespace. -Optional: Default to false.
+ Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
false
hostNetworkboolean - Host networking requested for this pod. Use the host's network namespace. -If this option is set, the ports that will be used must be specified. -Default to false.
+
modeinteger + Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
hostPIDbooleanresourceFieldRefobject - Use the host's pid namespace. -Optional: Default to false.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI.items[index].fieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) + + + +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + + + + + + + + + + + + + + + - - + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+
true
hostUsersbooleanapiVersionstring - Use the host's user namespace. -Optional: Default to true. -If set to true or not present, the pod will be run in the host user namespace, useful -for when the pod needs a feature only available to the host user namespace, such as -loading a kernel module with CAP_SYS_MODULE. -When set to false, a new userns is created for the pod. Setting false is useful for -mitigating container breakout vulnerabilities even allowing users to run their -containers as root without actually having root privileges on the host. -This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + + + + + + + + + + + + + + + - + - - + + - - + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+
true
hostnamecontainerName string - Specifies the hostname of the Pod -If not specified, the pod's hostname will be set to a system-defined value.
+ Container name: required for volumes, optional for env vars
false
imagePullSecrets[]objectdivisorint or string - ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. -If specified, these secrets will be passed to individual puller implementations for them to use. -More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+ Specifies the output format of the exposed resources, defaults to "1"
false
initContainers
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].secret +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) + + + +secret information about the secret data to project + + + + + + + + + + + + - + - - + + - - - - +
NameTypeDescriptionRequired
items []object - List of initialization containers belonging to the pod. -Init containers are executed in order prior to containers being started. If any -init container fails, the pod is considered to have failed and is handled according -to its restartPolicy. The name for an init container or normal container must be -unique among all containers. -Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. -The resourceRequirements of an init container are taken into account during scheduling -by finding the highest request/limit for each resource type, and then using the max of -of that value or the sum of the normal containers. Limits are applied to init containers -in a similar fashion. -Init containers cannot currently be added or removed. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
false
nodeNamename string - NodeName is a request to schedule this pod onto a specific node. If it is non-empty, -the scheduler simply schedules this pod onto that node, assuming that it fits resource -requirements.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
nodeSelectormap[string]stringoptionalboolean - NodeSelector is a selector which must be true for the pod to fit on a node. -Selector which must match a node's labels for the pod to be scheduled on that node. -More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ optional field specify whether the Secret or its key must be defined
false
osobject - Specifies the OS of the containers in the pod. -Some pod and container fields are restricted if this is set. +
-If the OS field is set to linux, the following fields must be unset: --securityContext.windowsOptions +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].secret.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindexsecret) -If the OS field is set to windows, following fields must be unset: -- spec.hostPID -- spec.hostIPC -- spec.hostUsers -- spec.securityContext.seLinuxOptions -- spec.securityContext.seccompProfile -- spec.securityContext.fsGroup -- spec.securityContext.fsGroupChangePolicy -- spec.securityContext.sysctls -- spec.shareProcessNamespace -- spec.securityContext.runAsUser -- spec.securityContext.runAsGroup -- spec.securityContext.supplementalGroups -- spec.containers[*].securityContext.seLinuxOptions -- spec.containers[*].securityContext.seccompProfile -- spec.containers[*].securityContext.capabilities -- spec.containers[*].securityContext.readOnlyRootFilesystem -- spec.containers[*].securityContext.privileged -- spec.containers[*].securityContext.allowPrivilegeEscalation -- spec.containers[*].securityContext.procMount -- spec.containers[*].securityContext.runAsUser -- spec.containers[*].securityContext.runAsGroup
- - false - - overhead - map[string]int or string + +Maps a string key to a path within a volume. + + + + + + + + + + + + + - + - + - + - + - - + +
NameTypeDescriptionRequired
keystring - Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. -This field will be autopopulated at admission time by the RuntimeClass admission controller. If -the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. -The RuntimeClass admission controller will reject Pod create requests which have the overhead already -set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value -defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. -More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+ key is the key to project.
falsetrue
preemptionPolicypath string - PreemptionPolicy is the Policy for preempting pods with lower priority. -One of Never, PreemptLowerPriority. -Defaults to PreemptLowerPriority if unset.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
falsetrue
prioritymode integer - The priority value. Various system components use this field to find the -priority of the pod. When Priority Admission Controller is enabled, it -prevents users from setting this field. The admission controller populates -this field from PriorityClassName. -The higher the value, the higher the priority.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
false
priorityClassName
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].projected.sources[index].serviceAccountToken +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexprojectedsourcesindex) + + + +serviceAccountToken is information about the serviceAccountToken data to project + + + + + + + + + + + + - + - - + + - - + + + + +
NameTypeDescriptionRequired
path string - If specified, indicates the pod's priority. "system-node-critical" and -"system-cluster-critical" are two special keywords which indicate the -highest priorities with the former being the highest priority. Any other -name must be defined by creating a PriorityClass object with that name. -If not specified, the pod priority will be default or zero if there is no -default.
+ path is the path relative to the mount point of the file to project the +token into.
falsetrue
readinessGates[]objectaudiencestring - If specified, all readiness gates will be evaluated for pod readiness. -A pod is ready when all its containers are ready AND -all conditions specified in the readiness gates have status equal to "True" -More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
false
resourceClaims[]objectexpirationSecondsinteger - ResourceClaims defines which ResourceClaims must be allocated -and reserved before the Pod is allowed to start. The resources -will be made available to those containers which consume them -by name. + expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.
+
+ Format: int64
+
false
-This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].quobyte +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) -This field is immutable.
- - false - - restartPolicy + +quobyte represents a Quobyte mount on the host that shares a pod's lifetime + + + + + + + + + + + + - + - + - + - + - - + + - - + + - + - - + +
NameTypeDescriptionRequired
registry string - Restart policy for all containers within the pod. -One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. -Default to Always. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
falsetrue
runtimeClassNamevolume string - RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used -to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. -If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an -empty definition that uses the default runtime handler. -More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+ volume is a string that references an already created Quobyte volume by name.
falsetrue
schedulerNamegroup string - If specified, the pod will be dispatched by specified scheduler. -If not specified, the pod will be dispatched by default scheduler.
+ group to map volume access to +Default is no group
false
schedulingGates[]objectreadOnlyboolean - SchedulingGates is an opaque list of values that if specified will block scheduling the pod. -If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the -scheduler will not attempt to schedule the pod. - - -SchedulingGates can only be set at pod creation time, and be removed only afterwards. - - -This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
false
securityContextobjecttenantstring - SecurityContext holds pod-level security attributes and common container settings. -Optional: Defaults to empty. See type description for default values of each field.
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
false
serviceAccountuser string - DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. -Deprecated: Use serviceAccountName instead.
+ user to map volume access to +Defaults to serivceaccount user
false
serviceAccountName
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].rbd +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md + + + + + + + + + + + + - + - - + + - + - - + + - + - - + + - - + + - - + + - - + + + + +
NameTypeDescriptionRequired
image string - ServiceAccountName is the name of the ServiceAccount to use to run this pod. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
falsetrue
setHostnameAsFQDNbooleanmonitors[]string - If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). -In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). -In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. -If a pod does not have FQDN, this has no effect. -Default to false.
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
falsetrue
shareProcessNamespacebooleanfsTypestring - Share a single process namespace between all of the containers in a pod. -When this is set containers will be able to view and signal processes from other containers -in the same pod, and the first process in each container will not be assigned PID 1. -HostPID and ShareProcessNamespace cannot both be set. -Optional: Default to false.
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
false
subdomainkeyring string - If specified, the fully qualified Pod hostname will be "...svc.". -If not specified, the pod will not have a domainname at all.
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
terminationGracePeriodSecondsintegerpoolstring - Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -If this value is nil, the default grace period will be used instead. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -Defaults to 30 seconds.
-
- Format: int64
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
tolerations[]objectreadOnlyboolean - If specified, the pod's tolerations.
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
topologySpreadConstraints[]objectsecretRefobject - TopologySpreadConstraints describes how a group of pods ought to spread across topology -domains. Scheduler will schedule pods in a way which abides by the constraints. -All topologySpreadConstraints are ANDed.
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
volumes[]objectuserstring - List of volumes that can be mounted by containers belonging to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].rbd.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexrbd) + + + +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].scaleIO +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
gatewaystring + gateway is the host address of the ScaleIO API Gateway.
+
true
secretRefobject + secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
+
true
systemstring + system is the name of the storage system as configured in ScaleIO.
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
+
false
protectionDomainstring + protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
false
readOnlyboolean + readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
sslEnabledboolean + sslEnabled Flag enable/disable SSL communication with Gateway, default false
+
false
storageModestring + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
+
false
storagePoolstring + storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
false
volumeNamestring + volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].scaleIO.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexscaleio) + + + +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].secret +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
defaultModeinteger + defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
items[]object + items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
optionalboolean + optional field specify whether the Secret or its keys must be defined
+
false
secretNamestring + secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].secret.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexsecret) + + + +Maps a string key to a path within a volume. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the key to project.
+
true
pathstring + path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].storageos +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
secretRefobject + secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
+
false
volumeNamestring + volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
+
false
volumeNamespacestring + volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].storageos.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindexstorageos) + + + +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.manifests[index].vsphereVolume +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmanifestsindex) + + + +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
volumePathstring + volumePath is the path that identifies vSphere volume vmdk
+
true
fsTypestring + fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
storagePolicyIDstring + storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
false
storagePolicyNamestring + storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.monitoring +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) + + + +Monitoring defines the monitoring configuration. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Enabled enables prometheus sidecar that scrapes metrics from the child cluster system components and expose +them as usual kubernetes pod metrics.
+
true
prometheusImagestring + PrometheusImage defines the image used for the prometheus sidecar.
+
+ Default: quay.io/k0sproject/prometheus:v2.44.0
+
true
proxyImagestring + ProxyImage defines the image used for the nginx proxy sidecar.
+
+ Default: nginx:1.19.10
+
true
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring +
+
true
awsElasticBlockStoreobject + awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
false
azureDiskobject + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
false
azureFileobject + azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
false
cephfsobject + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+
false
cinderobject + cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
configMapobject + configMap represents a configMap that should populate this volume
+
false
csiobject + csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+
false
downwardAPIobject + downwardAPI represents downward API about the pod that should populate this volume
+
false
emptyDirobject + emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
false
ephemeralobject + ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
+
false
fcobject + fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+
false
flexVolumeobject + flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
+
false
flockerobject + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+
false
gcePersistentDiskobject + gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
false
gitRepoobject + gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
+
false
glusterfsobject + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
+
false
hostPathobject + hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
+
false
iscsiobject + iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
+
false
nfsobject + nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
false
persistentVolumeClaimobject + persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
false
photonPersistentDiskobject + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+
false
portworxVolumeobject + portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+
false
projectedobject + projected items for all in one resources secrets, configmaps, and downward API
+
false
quobyteobject + quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+
false
rbdobject + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
+
false
scaleIOobject + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+
false
secretobject + secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
false
storageosobject + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+
false
vsphereVolumeobject + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].awsElasticBlockStore +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
volumeIDstring + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
true
fsTypestring + fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
partitioninteger + partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+ Format: int32
+
false
readOnlyboolean + readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].azureDisk +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
diskNamestring + diskName is the Name of the data disk in the blob storage
+
true
diskURIstring + diskURI is the URI of data disk in the blob storage
+
true
cachingModestring + cachingMode is the Host Caching mode: None, Read Only, Read Write.
+
false
fsTypestring + fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
kindstring + kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
+
false
readOnlyboolean + readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].azureFile +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +azureFile represents an Azure File Service mount on the host and bind mount to the pod. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
secretNamestring + secretName is the name of secret that contains Azure Storage Account Name and Key
+
true
shareNamestring + shareName is the azure share Name
+
true
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].cephfs +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
monitors[]string + monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
true
pathstring + path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
+
false
readOnlyboolean + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
false
secretFilestring + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
false
secretRefobject + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
false
userstring + user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].cephfs.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexcephfs) + + + +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].cinder +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
volumeIDstring + volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
secretRefobject + secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].cinder.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexcinder) + + + +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].configMap +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +configMap represents a configMap that should populate this volume + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
defaultModeinteger + defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + optional specify whether the ConfigMap or its keys must be defined
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].configMap.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexconfigmap) + + + +Maps a string key to a path within a volume. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the key to project.
+
true
pathstring + path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].csi +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
driverstring + driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
+
true
fsTypestring + fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
+
false
nodePublishSecretRefobject + nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
+
false
readOnlyboolean + readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
+
false
volumeAttributesmap[string]string + volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].csi.nodePublishSecretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexcsi) + + + +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].downwardAPI +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +downwardAPI represents downward API about the pod that should populate this volume + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
defaultModeinteger + Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
items[]object + Items is a list of downward API volume file
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].downwardAPI.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexdownwardapi) + + + +DownwardAPIVolumeFile represents information to create the file containing the pod field + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
true
fieldRefobject + Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+
false
modeinteger + Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].downwardAPI.items[index].fieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexdownwardapiitemsindex) + + + +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+
true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexdownwardapiitemsindex) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].emptyDir +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
mediumstring + medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
false
sizeLimitint or string + sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
volumeClaimTemplateobject + Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeral) + + + +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
specobject + The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
+
true
metadataobject + May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.spec +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplate) + + + +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessModes[]string + accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
false
dataSourceobject + dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+
false
dataSourceRefobject + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
resourcesobject + resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+
false
selectorobject + selector is a label query over volumes to consider for binding.
+
false
storageClassNamestring + storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
false
volumeModestring + volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
+
false
volumeNamestring + volumeName is the binding reference to the PersistentVolume backing this claim.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.dataSource +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplatespec) + + + +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
kindstring + Kind is the type of resource being referenced
+
true
namestring + Name is the name of resource being referenced
+
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplatespec) + + + +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
kindstring + Kind is the type of resource being referenced
+
true
namestring + Name is the name of resource being referenced
+
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
+
false
namespacestring + Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.resources +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplatespec) + + + +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
+
false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplatespecresources) + + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+
true
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.selector +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplatespec) + + + +selector is a label query over volumes to consider for binding. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplatespecselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+
true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+
true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].ephemeral.volumeClaimTemplate.metadata +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexephemeralvolumeclaimtemplate) + + + +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
annotationsmap[string]string +
+
false
finalizers[]string +
+
false
labelsmap[string]string +
+
false
namestring +
+
false
namespacestring +
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].fc +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
luninteger + lun is Optional: FC target lun number
+
+ Format: int32
+
false
readOnlyboolean + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
targetWWNs[]string + targetWWNs is Optional: FC target worldwide names (WWNs)
+
false
wwids[]string + wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].flexVolume +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
driverstring + driver is the name of the driver to use for this volume.
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
false
optionsmap[string]string + options is Optional: this field holds extra command options if any.
+
false
readOnlyboolean + readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
secretRefobject + secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].flexVolume.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexflexvolume) + + + +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].flocker +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
datasetNamestring + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
+
false
datasetUUIDstring + datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].gcePersistentDisk +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pdNamestring + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
true
fsTypestring + fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
partitioninteger + partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
+ Format: int32
+
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].gitRepo +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
repositorystring + repository is the URL
+
true
directorystring + directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
+
false
revisionstring + revision is the commit hash for the specified revision.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].glusterfs +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
endpointsstring + endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
true
pathstring + path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
true
readOnlyboolean + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].hostPath +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
true
typestring + type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].iscsi +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
iqnstring + iqn is the target iSCSI Qualified Name.
+
true
luninteger + lun represents iSCSI Target Lun number.
+
+ Format: int32
+
true
targetPortalstring + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
+
true
chapAuthDiscoveryboolean + chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
false
chapAuthSessionboolean + chapAuthSession defines whether support iSCSI Session CHAP authentication
+
false
fsTypestring + fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
initiatorNamestring + initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
+
false
iscsiInterfacestring + iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
+
false
portals[]string + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
+
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
+
false
secretRefobject + secretRef is the CHAP Secret for iSCSI target and initiator authentication
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].iscsi.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexiscsi) + + + +secretRef is the CHAP Secret for iSCSI target and initiator authentication + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].nfs +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
true
serverstring + server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
true
readOnlyboolean + readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].persistentVolumeClaim +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claimNamestring + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
true
readOnlyboolean + readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].photonPersistentDisk +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pdIDstring + pdID is the ID that identifies Photon Controller persistent disk
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].portworxVolume +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +portworxVolume represents a portworx volume attached and mounted on kubelets host machine + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
volumeIDstring + volumeID uniquely identifies a Portworx volume
+
true
fsTypestring + fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+
false
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +projected items for all in one resources secrets, configmaps, and downward API + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
defaultModeinteger + defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
sources[]object + sources is the list of volume projections
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojected) + + + +Projection that may be projected along with other supported volume types + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapobject + configMap information about the configMap data to project
+
false
downwardAPIobject + downwardAPI information about the downwardAPI data to project
+
false
secretobject + secret information about the secret data to project
+
false
serviceAccountTokenobject + serviceAccountToken is information about the serviceAccountToken data to project
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].configMap +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindex) + + + +configMap information about the configMap data to project + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + optional specify whether the ConfigMap or its keys must be defined
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].configMap.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindexconfigmap) + + + +Maps a string key to a path within a volume. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the key to project.
+
true
pathstring + path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].downwardAPI +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindex) + + + +downwardAPI information about the downwardAPI data to project + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
items[]object + Items is a list of DownwardAPIVolume file
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].downwardAPI.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindexdownwardapi) + + + +DownwardAPIVolumeFile represents information to create the file containing the pod field + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
true
fieldRefobject + Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+
false
modeinteger + Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].downwardAPI.items[index].fieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindexdownwardapiitemsindex) + + + +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+
true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindexdownwardapiitemsindex) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].secret +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindex) + + + +secret information about the secret data to project + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + optional field specify whether the Secret or its key must be defined
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].secret.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindexsecret) + + + +Maps a string key to a path within a volume. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the key to project.
+
true
pathstring + path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].projected.sources[index].serviceAccountToken +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexprojectedsourcesindex) + + + +serviceAccountToken is information about the serviceAccountToken data to project + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + path is the path relative to the mount point of the file to project the +token into.
+
true
audiencestring + audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
+
false
expirationSecondsinteger + expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.
+
+ Format: int64
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].quobyte +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +quobyte represents a Quobyte mount on the host that shares a pod's lifetime + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
registrystring + registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
+
true
volumestring + volume is a string that references an already created Quobyte volume by name.
+
true
groupstring + group to map volume access to +Default is no group
+
false
readOnlyboolean + readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
+
false
tenantstring + tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
false
userstring + user to map volume access to +Defaults to serivceaccount user
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].rbd +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
imagestring + image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
true
monitors[]string + monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
true
fsTypestring + fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
keyringstring + keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
poolstring + pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
secretRefobject + secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
userstring + user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].rbd.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexrbd) + + + +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].scaleIO +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
gatewaystring + gateway is the host address of the ScaleIO API Gateway.
+
true
secretRefobject + secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
+
true
systemstring + system is the name of the storage system as configured in ScaleIO.
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
+
false
protectionDomainstring + protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
+
false
readOnlyboolean + readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
sslEnabledboolean + sslEnabled Flag enable/disable SSL communication with Gateway, default false
+
false
storageModestring + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
+
false
storagePoolstring + storagePool is the ScaleIO Storage Pool associated with the protection domain.
+
false
volumeNamestring + volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].scaleIO.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexscaleio) + + + +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].secret +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
defaultModeinteger + defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
items[]object + items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
optionalboolean + optional field specify whether the Secret or its keys must be defined
+
false
secretNamestring + secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].secret.items[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexsecret) + + + +Maps a string key to a path within a volume. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the key to project.
+
true
pathstring + path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].storageos +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
secretRefobject + secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
+
false
volumeNamestring + volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
+
false
volumeNamespacestring + volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].storageos.secretRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindexstorageos) + + + +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.mounts[index].vsphereVolume +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecmountsindex) + + + +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
volumePathstring + volumePath is the path that identifies vSphere volume vmdk
+
true
fsTypestring + fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
storagePolicyIDstring + storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
false
storagePolicyNamestring + storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) + + + +Persistence defines the persistence configuration. If empty k0smotron +will use emptyDir as a volume. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring +
+
+ Default: emptyDir
+
true
hostPathstring + HostPath defines the host path configuration. Will be used as is in case of .spec.persistence.type is hostPath.
+
false
persistentVolumeClaimobject + PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistence) + + + +PersistentVolumeClaim defines the PVC configuration. Will be used as is in case of .spec.persistence.type is pvc. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstring + APIVersion defines the versioned schema of this representation of an object. +Servers should convert recognized schemas to the latest internal value, and +may reject unrecognized values. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+
false
kindstring + Kind is a string value representing the REST resource this object represents. +Servers may infer this from the endpoint the client submits requests to. +Cannot be updated. +In CamelCase. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+
false
metadataobject + Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
false
specobject + spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
false
statusobject + status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.metadata +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaim) + + + +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
annotationsmap[string]string +
+
false
finalizers[]string +
+
false
labelsmap[string]string +
+
false
namestring +
+
false
namespacestring +
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaim) + + + +spec defines the desired characteristics of a volume requested by a pod author. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessModes[]string + accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
false
dataSourceobject + dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+
false
dataSourceRefobject + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
resourcesobject + resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+
false
selectorobject + selector is a label query over volumes to consider for binding.
+
false
storageClassNamestring + storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+
false
volumeModestring + volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
+
false
volumeNamestring + volumeName is the binding reference to the PersistentVolume backing this claim.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.dataSource +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) + + + +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
kindstring + Kind is the type of resource being referenced
+
true
namestring + Name is the name of resource being referenced
+
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.dataSourceRef +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) + + + +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
kindstring + Kind is the type of resource being referenced
+
true
namestring + Name is the name of resource being referenced
+
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
+
false
namespacestring + Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.resources +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) + + + +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
+
false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.resources.claims[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspecresources) + + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+
true
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.selector +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspec) + + + +selector is a label query over volumes to consider for binding. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.spec.selector.matchExpressions[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimspecselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + key is the label key that the selector applies to.
+
true
operatorstring + operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+
true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.status +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaim) + + + +status represents the current information/status of a persistent volume claim. +Read-only. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessModes[]string + accessModes contains the actual access modes the volume backing the PVC has. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
false
allocatedResourceStatusesmap[string]string + allocatedResourceStatuses stores status of resource being resized for the given PVC. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +ClaimResourceStatus can be in any of following states: + - ControllerResizeInProgress: + State set when resize controller starts resizing the volume in control-plane. + - ControllerResizeFailed: + State set when resize has failed in resize controller with a terminal error. + - NodeResizePending: + State set when resize controller has finished resizing the volume but further resizing of + volume is needed on the node. + - NodeResizeInProgress: + State set when kubelet starts resizing the volume. + - NodeResizeFailed: + State set when resizing has failed in kubelet with a terminal error. Transient errors don't set + NodeResizeFailed. +For example: if expanding a PVC for more capacity - this field can be one of the following states: + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "ControllerResizeFailed" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizePending" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeInProgress" + - pvc.status.allocatedResourceStatus['storage'] = "NodeResizeFailed" +When this field is not set, it means that no resize operation is in progress for the given PVC. + + +A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus +should ignore the update for the purpose it was designed. 
For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
false
allocatedResourcesmap[string]int or string + allocatedResources tracks the resources allocated to a PVC including its capacity. +Key names follow standard Kubernetes label syntax. Valid values are either: + * Un-prefixed keys: + - storage - the capacity of the volume. + * Custom resources must use implementation-defined prefixed names such as "example.com/my-custom-resource" +Apart from above values - keys that are unprefixed or have kubernetes.io prefix are considered +reserved and hence may not be used. + + +Capacity reported here may be larger than the actual capacity when a volume expansion operation +is requested. +For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. +If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. +If a volume expansion capacity request is lowered, allocatedResources is only +lowered if there are no expansion operations in progress and if the actual volume capacity +is equal or lower than the requested capacity. + + +A controller that receives PVC update with previously unknown resourceName +should ignore the update for the purpose it was designed. For example - a controller that +only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid +resources associated with PVC. + + +This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.
+
false
capacitymap[string]int or string + capacity represents the actual resources of the underlying volume.
+
false
conditions[]object + conditions is the current Condition of persistent volume claim. If underlying persistent volume is being +resized then the Condition will be set to 'ResizeStarted'.
+
false
phasestring + phase represents the current phase of PersistentVolumeClaim.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.persistence.persistentVolumeClaim.status.conditions[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecpersistencepersistentvolumeclaimstatus) + + + +PersistentVolumeClaimCondition contains details about state of pvc + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
statusstring +
+
true
typestring + PersistentVolumeClaimConditionType is a valid value of PersistentVolumeClaimCondition.Type
+
true
lastProbeTimestring + lastProbeTime is the time we probed the condition.
+
+ Format: date-time
+
false
lastTransitionTimestring + lastTransitionTime is the time the condition transitioned from one status to another.
+
+ Format: date-time
+
false
messagestring + message is the human-readable message indicating details about last transition.
+
false
reasonstring + reason is a unique, this should be a short, machine understandable string that gives the reason +for condition's last transition. If it reports "ResizeStarted" that means the underlying +persistent volume is being resized.
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.resources +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) + + + +Resources describes the compute resource requirements for the control plane pods. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
+
false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.resources.claims[index] +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespecresources) + + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+
true
+ + +### K0smotronControlPlaneTemplate.spec.template.spec.service +[↩ Parent](#k0smotroncontrolplanetemplatespectemplatespec) + + + +Service defines the service configuration. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typeenum + Service Type string describes ingress methods for a service
+
+ Enum: ClusterIP, NodePort, LoadBalancer
+ Default: ClusterIP
+
true
annotationsmap[string]string + Annotations defines extra annotations to be added to the service.
+
false
apiPortinteger + APIPort defines the kubernetes API port. If empty k0smotron +will pick it automatically.
+
+ Default: 30443
+
false
konnectivityPortinteger + KonnectivityPort defines the konnectivity port. If empty k0smotron +will pick it automatically.
+
+ Default: 30132
+
false
+ +# infrastructure.cluster.x-k8s.io/v1beta1 + +Resource Types: + +- [PooledRemoteMachine](#pooledremotemachine) + +- [RemoteCluster](#remotecluster) + +- [RemoteMachine](#remotemachine) + +- [RemoteMachineTemplate](#remotemachinetemplate) + + + + +## PooledRemoteMachine +[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringPooledRemoteMachinetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject +
+
false
statusobject +
+
false
+ + +### PooledRemoteMachine.spec +[↩ Parent](#pooledremotemachine) + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
machineobject +
+
true
poolstring +
+
true
+ + +### PooledRemoteMachine.spec.machine +[↩ Parent](#pooledremotemachinespec) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
addressstring + Address is the IP address or DNS name of the remote machine.
+
true
sshKeyRefobject + SSHKeyRef is a reference to a secret that contains the SSH private key. +The key must be placed on the secret using the key "value".
+
true
portinteger + Port is the SSH port of the remote machine.
+
+ Default: 22
+
false
userstring + User is the user to use when connecting to the remote machine.
+
+ Default: root
+
false
+ + +### PooledRemoteMachine.spec.machine.sshKeyRef +[↩ Parent](#pooledremotemachinespecmachine) + + + +SSHKeyRef is a reference to a secret that contains the SSH private key. +The key must be placed on the secret using the key "value". + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name is the name of the secret.
+
true
+ + +### PooledRemoteMachine.status +[↩ Parent](#pooledremotemachine) + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
machineRefobject +
+
true
reservedboolean +
+
true
+ + +### PooledRemoteMachine.status.machineRef +[↩ Parent](#pooledremotemachinestatus) + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring +
+
true
namespacestring +
+
true
+ +## RemoteCluster +[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringRemoteClustertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject + RemoteClusterSpec defines the desired state of RemoteCluster
+
false
statusobject + RemoteClusterStatus defines the observed state of RemoteCluster
+
false
+ + +### RemoteCluster.spec +[↩ Parent](#remotecluster) + + + +RemoteClusterSpec defines the desired state of RemoteCluster + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
controlPlaneEndpointobject + APIEndpoint represents a reachable Kubernetes API endpoint.
+
true
+ + +### RemoteCluster.spec.controlPlaneEndpoint +[↩ Parent](#remoteclusterspec) + + + +APIEndpoint represents a reachable Kubernetes API endpoint. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
hoststring + The hostname on which the API server is serving.
+
true
portinteger + The port on which the API server is serving.
+
+ Format: int32
+
true
+ + +### RemoteCluster.status +[↩ Parent](#remotecluster) + + + +RemoteClusterStatus defines the observed state of RemoteCluster + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
readyboolean + Ready denotes that the remote cluster is ready to be used.
+
+ Default: false
+
true
+ +## RemoteMachine +[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringRemoteMachinetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject + RemoteMachineSpec defines the desired state of RemoteMachine
+
false
statusobject + RemoteMachineStatus defines the observed state of RemoteMachine
+
false
+ + +### RemoteMachine.spec +[↩ Parent](#remotemachine) + + + +RemoteMachineSpec defines the desired state of RemoteMachine + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
addressstring + Address is the IP address or DNS name of the remote machine.
+
false
poolstring + Pool is the name of the pool where the machine belongs to.
+
false
portinteger + Port is the SSH port of the remote machine.
+
+ Default: 22
+
false
providerIDstring + ProviderID is the ID of the machine in the provider.
+
false
provisionJobobject + ProvisionJob describes the kubernetes Job to use to provision the machine.
+
false
sshKeyRefobject + SSHKeyRef is a reference to a secret that contains the SSH private key. +The key must be placed on the secret using the key "value".
+
false
useSudoboolean +
+
false
userstring + User is the user to use when connecting to the remote machine.
+
+ Default: root
+
false
+ + +### RemoteMachine.spec.provisionJob +[↩ Parent](#remotemachinespec) + + + +ProvisionJob describes the kubernetes Job to use to provision the machine. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
jobSpecTemplateobject + JobTemplate is the job template to use to provision the machine.
+
false
scpCommandstring +
+
+ Default: scp
+
false
sshCommandstring +
+
+ Default: ssh
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate +[↩ Parent](#remotemachinespecprovisionjob) + + + +JobTemplate is the job template to use to provision the machine. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
metadataobject + Standard object's metadata of the jobs created from this template. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
false
specobject + Specification of the desired behavior of the job. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.metadata +[↩ Parent](#remotemachinespecprovisionjobjobspectemplate) + + + +Standard object's metadata of the jobs created from this template. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
annotationsmap[string]string +
+
false
finalizers[]string +
+
false
labelsmap[string]string +
+
false
namestring +
+
false
namespacestring +
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplate) + + + +Specification of the desired behavior of the job. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
templateobject + Describes the pod that will be created when executing a job. +The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". +More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
true
activeDeadlineSecondsinteger + Specifies the duration in seconds relative to the startTime that the job +may be continuously active before the system tries to terminate it; value +must be positive integer. If a Job is suspended (at creation or through an +update), this timer will effectively be stopped and reset when the Job is +resumed again.
+
+ Format: int64
+
false
backoffLimitinteger + Specifies the number of retries before marking this job failed. +Defaults to 6
+
+ Format: int32
+
false
backoffLimitPerIndexinteger + Specifies the limit for the number of retries within an +index before marking this index as failed. When enabled the number of +failures per index is kept in the pod's +batch.kubernetes.io/job-index-failure-count annotation. It can only +be set when Job's completionMode=Indexed, and the Pod's restart +policy is Never. The field is immutable. +This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` +feature gate is enabled (disabled by default).
+
+ Format: int32
+
false
completionModestring + completionMode specifies how Pod completions are tracked. It can be +`NonIndexed` (default) or `Indexed`. + + +`NonIndexed` means that the Job is considered complete when there have +been .spec.completions successfully completed Pods. Each Pod completion is +homologous to each other. + + +`Indexed` means that the Pods of a +Job get an associated completion index from 0 to (.spec.completions - 1), +available in the annotation batch.kubernetes.io/job-completion-index. +The Job is considered complete when there is one successfully completed Pod +for each index. +When value is `Indexed`, .spec.completions must be specified and +`.spec.parallelism` must be less than or equal to 10^5. +In addition, The Pod name takes the form +`$(job-name)-$(index)-$(random-string)`, +the Pod hostname takes the form `$(job-name)-$(index)`. + + +More completion modes can be added in the future. +If the Job controller observes a mode that it doesn't recognize, which +is possible during upgrades due to version skew, the controller +skips updates for the Job.
+
false
completionsinteger + Specifies the desired number of successfully finished pods the +job should be run with. Setting to null means that the success of any +pod signals the success of all pods, and allows parallelism to have any positive +value. Setting to 1 means that parallelism is limited to 1 and the success of that +pod signals the success of the job. +More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+ Format: int32
+
false
manualSelectorboolean + manualSelector controls generation of pod labels and pod selectors. +Leave `manualSelector` unset unless you are certain what you are doing. +When false or unset, the system pick labels unique to this job +and appends those labels to the pod template. When true, +the user is responsible for picking unique labels and specifying +the selector. Failure to pick a unique label may cause this +and other jobs to not function correctly. However, You may see +`manualSelector=true` in jobs that were created with the old `extensions/v1beta1` +API. +More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
+
false
maxFailedIndexesinteger + Specifies the maximal number of failed indexes before marking the Job as +failed, when backoffLimitPerIndex is set. Once the number of failed +indexes exceeds this number the entire Job is marked as Failed and its +execution is terminated. When left as null the job continues execution of +all of its indexes and is marked with the `Complete` Job condition. +It can only be specified when backoffLimitPerIndex is set. +It can be null or up to completions. It is required and must be +less than or equal to 10^4 when is completions greater than 10^5. +This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex` +feature gate is enabled (disabled by default).
+
+ Format: int32
+
false
parallelisminteger + Specifies the maximum desired number of pods the job should +run at any given time. The actual number of pods running in steady state will +be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism), +i.e. when the work left to do is less than max parallelism. +More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
+
+ Format: int32
+
false
podFailurePolicyobject + Specifies the policy of handling failed pods. In particular, it allows to +specify the set of actions and conditions which need to be +satisfied to take the associated action. +If empty, the default behaviour applies - the counter of failed pods, +represented by the jobs's .status.failed field, is incremented and it is +checked against the backoffLimit. This field cannot be used in combination +with restartPolicy=OnFailure. + + +This field is beta-level. It can be used when the `JobPodFailurePolicy` +feature gate is enabled (enabled by default).
+
false
podReplacementPolicystring + podReplacementPolicy specifies when to create replacement Pods. +Possible values are: +- TerminatingOrFailed means that we recreate pods + when they are terminating (has a metadata.deletionTimestamp) or failed. +- Failed means to wait until a previously created Pod is fully terminated (has phase + Failed or Succeeded) before creating a replacement Pod. + + +When using podFailurePolicy, Failed is the the only allowed value. +TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use. +This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
+
false
selectorobject + A label query over pods that should match the pod count. +Normally, the system sets this field for you. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
+
false
suspendboolean + suspend specifies whether the Job controller should create Pods or not. If +a Job is created with suspend set to true, no Pods are created by the Job +controller. If a Job is suspended after creation (i.e. the flag goes from +false to true), the Job controller will delete all active Pods associated +with this Job. Users must design their workload to gracefully handle this. +Suspending a Job will reset the StartTime field of the Job, effectively +resetting the ActiveDeadlineSeconds timer too. Defaults to false.
+
false
ttlSecondsAfterFinishedinteger + ttlSecondsAfterFinished limits the lifetime of a Job that has finished +execution (either Complete or Failed). If this field is set, +ttlSecondsAfterFinished after the Job finishes, it is eligible to be +automatically deleted. When the Job is being deleted, its lifecycle +guarantees (e.g. finalizers) will be honored. If this field is unset, +the Job won't be automatically deleted. If this field is set to zero, +the Job becomes eligible to be deleted immediately after it finishes.
+
+ Format: int32
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespec) + + + +Describes the pod that will be created when executing a job. +The only allowed template.spec.restartPolicy values are "Never" or "OnFailure". +More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/ + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
metadataobject + Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
+
false
specobject + Specification of the desired behavior of the pod. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.metadata +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplate) + + + +Standard object's metadata. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
annotationsmap[string]string +
+
false
finalizers[]string +
+
false
labelsmap[string]string +
+
false
namestring +
+
false
namespacestring +
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplate) + + + +Specification of the desired behavior of the pod. +More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
containers[]object + List of containers belonging to the pod. +Containers cannot currently be added or removed. +There must be at least one container in a Pod. +Cannot be updated.
+
true
activeDeadlineSecondsinteger + Optional duration in seconds the pod may be active on the node relative to +StartTime before the system will actively try to mark it failed and kill associated containers. +Value must be a positive integer.
+
+ Format: int64
+
false
affinityobject + If specified, the pod's scheduling constraints
+
false
automountServiceAccountTokenboolean + AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.
+
false
dnsConfigobject + Specifies the DNS parameters of a pod. +Parameters specified here will be merged to the generated DNS +configuration based on DNSPolicy.
+
false
dnsPolicystring + Set DNS policy for the pod. +Defaults to "ClusterFirst". +Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. +DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. +To have DNS options set along with hostNetwork, you have to specify DNS policy +explicitly to 'ClusterFirstWithHostNet'.
+
false
enableServiceLinksboolean + EnableServiceLinks indicates whether information about services should be injected into pod's +environment variables, matching the syntax of Docker links. +Optional: Defaults to true.
+
false
ephemeralContainers[]object + List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing +pod to perform user-initiated actions such as debugging. This list cannot be specified when +creating a pod, and it cannot be modified by updating the pod spec. In order to add an +ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.
+
false
hostAliases[]object + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts +file if specified. This is only valid for non-hostNetwork pods.
+
false
hostIPCboolean + Use the host's ipc namespace. +Optional: Default to false.
+
false
hostNetworkboolean + Host networking requested for this pod. Use the host's network namespace. +If this option is set, the ports that will be used must be specified. +Default to false.
+
false
hostPIDboolean + Use the host's pid namespace. +Optional: Default to false.
+
false
hostUsersboolean + Use the host's user namespace. +Optional: Default to true. +If set to true or not present, the pod will be run in the host user namespace, useful +for when the pod needs a feature only available to the host user namespace, such as +loading a kernel module with CAP_SYS_MODULE. +When set to false, a new userns is created for the pod. Setting false is useful for +mitigating container breakout vulnerabilities even allowing users to run their +containers as root without actually having root privileges on the host. +This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.
+
false
hostnamestring + Specifies the hostname of the Pod +If not specified, the pod's hostname will be set to a system-defined value.
+
false
imagePullSecrets[]object + ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. +If specified, these secrets will be passed to individual puller implementations for them to use. +More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod
+
false
initContainers[]object + List of initialization containers belonging to the pod. +Init containers are executed in order prior to containers being started. If any +init container fails, the pod is considered to have failed and is handled according +to its restartPolicy. The name for an init container or normal container must be +unique among all containers. +Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. +The resourceRequirements of an init container are taken into account during scheduling +by finding the highest request/limit for each resource type, and then using the max of +of that value or the sum of the normal containers. Limits are applied to init containers +in a similar fashion. +Init containers cannot currently be added or removed. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+
false
nodeNamestring + NodeName is a request to schedule this pod onto a specific node. If it is non-empty, +the scheduler simply schedules this pod onto that node, assuming that it fits resource +requirements.
+
false
nodeSelectormap[string]string + NodeSelector is a selector which must be true for the pod to fit on a node. +Selector which must match a node's labels for the pod to be scheduled on that node. +More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+
false
osobject + Specifies the OS of the containers in the pod. +Some pod and container fields are restricted if this is set. + + +If the OS field is set to linux, the following fields must be unset: +-securityContext.windowsOptions + + +If the OS field is set to windows, following fields must be unset: +- spec.hostPID +- spec.hostIPC +- spec.hostUsers +- spec.securityContext.seLinuxOptions +- spec.securityContext.seccompProfile +- spec.securityContext.fsGroup +- spec.securityContext.fsGroupChangePolicy +- spec.securityContext.sysctls +- spec.shareProcessNamespace +- spec.securityContext.runAsUser +- spec.securityContext.runAsGroup +- spec.securityContext.supplementalGroups +- spec.containers[*].securityContext.seLinuxOptions +- spec.containers[*].securityContext.seccompProfile +- spec.containers[*].securityContext.capabilities +- spec.containers[*].securityContext.readOnlyRootFilesystem +- spec.containers[*].securityContext.privileged +- spec.containers[*].securityContext.allowPrivilegeEscalation +- spec.containers[*].securityContext.procMount +- spec.containers[*].securityContext.runAsUser +- spec.containers[*].securityContext.runAsGroup
+
false
overheadmap[string]int or string + Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. +This field will be autopopulated at admission time by the RuntimeClass admission controller. If +the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. +The RuntimeClass admission controller will reject Pod create requests which have the overhead already +set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value +defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. +More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md
+
false
preemptionPolicystring + PreemptionPolicy is the Policy for preempting pods with lower priority. +One of Never, PreemptLowerPriority. +Defaults to PreemptLowerPriority if unset.
+
false
priorityinteger + The priority value. Various system components use this field to find the +priority of the pod. When Priority Admission Controller is enabled, it +prevents users from setting this field. The admission controller populates +this field from PriorityClassName. +The higher the value, the higher the priority.
+
+ Format: int32
+
false
priorityClassNamestring + If specified, indicates the pod's priority. "system-node-critical" and +"system-cluster-critical" are two special keywords which indicate the +highest priorities with the former being the highest priority. Any other +name must be defined by creating a PriorityClass object with that name. +If not specified, the pod priority will be default or zero if there is no +default.
+
false
readinessGates[]object + If specified, all readiness gates will be evaluated for pod readiness. +A pod is ready when all its containers are ready AND +all conditions specified in the readiness gates have status equal to "True" +More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates
+
false
resourceClaims[]object + ResourceClaims defines which ResourceClaims must be allocated +and reserved before the Pod is allowed to start. The resources +will be made available to those containers which consume them +by name. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable.
+
false
restartPolicystring + Restart policy for all containers within the pod. +One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. +Default to Always. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
+
false
runtimeClassNamestring + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used +to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. +If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an +empty definition that uses the default runtime handler. +More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class
+
false
schedulerNamestring + If specified, the pod will be dispatched by specified scheduler. +If not specified, the pod will be dispatched by default scheduler.
+
false
schedulingGates[]object + SchedulingGates is an opaque list of values that if specified will block scheduling the pod. +If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the +scheduler will not attempt to schedule the pod. + + +SchedulingGates can only be set at pod creation time, and be removed only afterwards. + + +This is a beta feature enabled by the PodSchedulingReadiness feature gate.
+
false
securityContextobject + SecurityContext holds pod-level security attributes and common container settings. +Optional: Defaults to empty. See type description for default values of each field.
+
false
serviceAccountstring + DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. +Deprecated: Use serviceAccountName instead.
+
false
serviceAccountNamestring + ServiceAccountName is the name of the ServiceAccount to use to run this pod. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+
false
setHostnameAsFQDNboolean + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). +In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). +In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. +If a pod does not have FQDN, this has no effect. +Default to false.
+
false
shareProcessNamespaceboolean + Share a single process namespace between all of the containers in a pod. +When this is set containers will be able to view and signal processes from other containers +in the same pod, and the first process in each container will not be assigned PID 1. +HostPID and ShareProcessNamespace cannot both be set. +Optional: Default to false.
+
false
subdomainstring + If specified, the fully qualified Pod hostname will be "...svc.". +If not specified, the pod will not have a domainname at all.
+
false
terminationGracePeriodSecondsinteger + Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +If this value is nil, the default grace period will be used instead. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +Defaults to 30 seconds.
+
+ Format: int64
+
false
tolerations[]object + If specified, the pod's tolerations.
+
false
topologySpreadConstraints[]object + TopologySpreadConstraints describes how a group of pods ought to spread across topology +domains. Scheduler will schedule pods in a way which abides by the constraints. +All topologySpreadConstraints are ANDed.
+
false
volumes[]object + List of volumes that can be mounted by containers belonging to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) + + + +A single application container that you want to run within a pod. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated.
+
true
args[]string + Arguments to the entrypoint. +The container image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
false
command[]string + Entrypoint array. Not executed within a shell. +The container image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+
false
env[]object + List of environment variables to set in the container. +Cannot be updated.
+
false
envFrom[]object + List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated.
+
false
imagestring + Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
+
false
imagePullPolicystring + Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+
false
lifecycleobject + Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
+
false
livenessProbeobject + Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
false
ports[]object + List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated.
+
false
readinessProbeobject + Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
false
resizePolicy[]object + Resources resize policy for the container.
+
false
resourcesobject + Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
restartPolicystring + RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed.
+
false
securityContextobject + SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+
false
startupProbeobject + StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
false
stdinboolean + Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false.
+
false
stdinOnceboolean + Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false
+
false
terminationMessagePathstring + Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated.
+
false
terminationMessagePolicystring + Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated.
+
false
ttyboolean + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false.
+
false
volumeDevices[]object + volumeDevices is the list of block devices to be used by the container.
+
false
volumeMounts[]object + Pod volumes to mount into the container's filesystem. +Cannot be updated.
+
false
workingDirstring + Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. Must be a C_IDENTIFIER.
+
true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+
false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindex) + + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+
false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+
false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.configMapKeyRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) + + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+
true
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.fieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) + + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+
true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.resourceFieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.secretKeyRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) + + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+
true
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + Specify whether the Secret or its key must be defined
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].envFrom[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +EnvFromSource represents the source of a set of ConfigMaps + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapRefobject + The ConfigMap to select from
+
false
prefixstring + An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
false
secretRefobject + The Secret to select from
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].envFrom[index].configMapRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvfromindex) + + + +The ConfigMap to select from + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + Specify whether the ConfigMap must be defined
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].envFrom[index].secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvfromindex) + + + +The Secret to select from + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + Specify whether the Secret must be defined
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +Actions that the management system should take in response to container lifecycle events. +Cannot be updated. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
postStartobject + PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+
false
preStopobject + PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycle) + + + +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
execobject + Exec specifies the action to take.
+
false
httpGetobject + HTTPGet specifies the http request to perform.
+
false
tcpSocketobject + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststart) + + + +Exec specifies the action to take. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
command[]string + Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststart) + + + +HTTPGet specifies the http request to perform. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
+
false
httpHeaders[]object + Custom headers to set in the request. HTTP allows repeated headers.
+
false
pathstring + Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststarthttpget) + + + +HTTPHeader describes a custom header to be used in HTTP probes + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
true
valuestring + The header field value
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststart) + + + +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Optional: Host name to connect to, defaults to the pod IP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycle) + + + +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
execobject + Exec specifies the action to take.
+
false
httpGetobject + HTTPGet specifies the http request to perform.
+
false
tcpSocketobject + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestop) + + + +Exec specifies the action to take. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
command[]string + Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestop) + + + +HTTPGet specifies the http request to perform. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
+
false
httpHeaders[]object + Custom headers to set in the request. HTTP allows repeated headers.
+
false
pathstring + Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestophttpget) + + + +HTTPHeader describes a custom header to be used in HTTP probes + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
true
valuestring + The header field value
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestop) + + + +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Optional: Host name to connect to, defaults to the pod IP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
execobject + Exec specifies the action to take.
+
false
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.
+
+ Format: int32
+
false
grpcobject + GRPC specifies an action involving a GRPC port.
+
false
httpGetobject + HTTPGet specifies the http request to perform.
+
false
initialDelaySecondsinteger + Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
periodSecondsinteger + How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.
+
+ Format: int32
+
false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+ Format: int32
+
false
tcpSocketobject + TCPSocket specifies an action involving a TCP port.
+
false
terminationGracePeriodSecondsinteger + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+ Format: int64
+
false
timeoutSecondsinteger + Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) + + + +Exec specifies the action to take. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
command[]string + Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) + + + +GRPC specifies an action involving a GRPC port. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portinteger + Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+ Format: int32
+
true
servicestring + Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) + + + +HTTPGet specifies the http request to perform. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
+
false
httpHeaders[]object + Custom headers to set in the request. HTTP allows repeated headers.
+
false
pathstring + Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobehttpget) + + + +HTTPHeader describes a custom header to be used in HTTP probes + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
true
valuestring + The header field value
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) + + + +TCPSocket specifies an action involving a TCP port. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Optional: Host name to connect to, defaults to the pod IP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].ports[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +ContainerPort represents a network port in a single container. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
containerPortinteger + Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536.
+
+ Format: int32
+
true
hostIPstring + What host IP to bind the external port to.
+
false
hostPortinteger + Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this.
+
+ Format: int32
+
false
namestring + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services.
+
false
protocolstring + Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP".
+
+ Default: TCP
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
execobject + Exec specifies the action to take.
+
false
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.
+
+ Format: int32
+
false
grpcobject + GRPC specifies an action involving a GRPC port.
+
false
httpGetobject + HTTPGet specifies the http request to perform.
+
false
initialDelaySecondsinteger + Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
periodSecondsinteger + How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.
+
+ Format: int32
+
false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+ Format: int32
+
false
tcpSocketobject + TCPSocket specifies an action involving a TCP port.
+
false
terminationGracePeriodSecondsinteger + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+ Format: int64
+
false
timeoutSecondsinteger + Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) + + + +Exec specifies the action to take. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
command[]string + Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) + + + +GRPC specifies an action involving a GRPC port. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portinteger + Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+ Format: int32
+
true
servicestring + Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) + + + +HTTPGet specifies the http request to perform. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
+
false
httpHeaders[]object + Custom headers to set in the request. HTTP allows repeated headers.
+
false
pathstring + Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobehttpget) + + + +HTTPHeader describes a custom header to be used in HTTP probes + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
true
valuestring + The header field value
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) + + + +TCPSocket specifies an action involving a TCP port. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Optional: Host name to connect to, defaults to the pod IP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].resizePolicy[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +ContainerResizePolicy represents resource resize policy for the container. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourceNamestring + Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory.
+
true
restartPolicystring + Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired.
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].resources +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
+
false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].resources.claims[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexresources) + + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
allowPrivilegeEscalationboolean + AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
+
false
capabilitiesobject + The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
+
false
privilegedboolean + Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
+
false
procMountstring + procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
+
false
readOnlyRootFilesystemboolean + Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
+
false
runAsGroupinteger + The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+
false
runAsNonRootboolean + Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+
false
runAsUserinteger + The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+
false
seLinuxOptionsobject + The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
+
false
seccompProfileobject + The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
+
false
windowsOptionsobject + The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.capabilities +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) + + + +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
add[]string + Added capabilities
+
false
drop[]string + Removed capabilities
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.seLinuxOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) + + + +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
levelstring + Level is SELinux level label that applies to the container.
+
false
rolestring + Role is a SELinux role label that applies to the container.
+
false
typestring + Type is a SELinux type label that applies to the container.
+
false
userstring + User is a SELinux user label that applies to the container.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.seccompProfile +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) + + + +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typestring + type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
+
true
localhostProfilestring + localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.windowsOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) + + + +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
gmsaCredentialSpecstring + GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
+
false
gmsaCredentialSpecNamestring + GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
false
hostProcessboolean + HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
+
false
runAsUserNamestring + The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
execobject + Exec specifies the action to take.
+
false
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.
+
+ Format: int32
+
false
grpcobject + GRPC specifies an action involving a GRPC port.
+
false
httpGetobject + HTTPGet specifies the http request to perform.
+
false
initialDelaySecondsinteger + Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
periodSecondsinteger + How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.
+
+ Format: int32
+
false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+ Format: int32
+
false
tcpSocketobject + TCPSocket specifies an action involving a TCP port.
+
false
terminationGracePeriodSecondsinteger + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+ Format: int64
+
false
timeoutSecondsinteger + Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) + + + +Exec specifies the action to take. + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
command[]string + Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) + + + +GRPC specifies an action involving a GRPC port. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portinteger + Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+ Format: int32
+
true
servicestring + Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) + + + +HTTPGet specifies the http request to perform. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
+
false
httpHeaders[]object + Custom headers to set in the request. HTTP allows repeated headers.
+
false
pathstring + Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobehttpget) + + + +HTTPHeader describes a custom header to be used in HTTP probes + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
true
valuestring + The header field value
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) + + + +TCPSocket specifies an action involving a TCP port. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Optional: Host name to connect to, defaults to the pod IP.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].volumeDevices[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +volumeDevice describes a mapping of a raw block device within a container. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
devicePathstring + devicePath is the path inside of the container that the device will be mapped to.
+
true
namestring + name must match the name of a persistentVolumeClaim in the pod
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].volumeMounts[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) + + + +VolumeMount describes a mounting of a Volume within a container. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
mountPathstring + Path within the container at which the volume should be mounted. Must +not contain ':'.
+
true
namestring + This must match the Name of a Volume.
+
true
mountPropagationstring + mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
+
false
readOnlyboolean + Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
+
false
subPathstring + Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
+
false
subPathExprstring + Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) + + + +If specified, the pod's scheduling constraints + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
nodeAffinityobject + Describes node affinity scheduling rules for the pod.
+
false
podAffinityobject + Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+
false
podAntiAffinityobject + Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinity) + + + +Describes node affinity scheduling rules for the pod. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution[]object + The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node matches the corresponding matchExpressions; the +node(s) with the highest sum are the most preferred.
+
false
requiredDuringSchedulingIgnoredDuringExecutionobject + If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinity) + + + +An empty preferred scheduling term matches all objects with implicit weight 0 +(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
preferenceobject + A node selector term, associated with the corresponding weight.
+
true
weightinteger + Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+
+ Format: int32
+
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex) + + + +A node selector term, associated with the corresponding weight. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
matchExpressions[]object + A list of node selector requirements by node's labels.
+
false
matchFields[]object + A list of node selector requirements by node's fields.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+
true
operatorstring + Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The label key that the selector applies to.
+
true
operatorstring + Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+
true
values[]string + An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinity) + + + +If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to an update), the system +may or may not try to eventually evict the pod from its node. + + + + + + + + + + + + + + - +
NameTypeDescriptionRequired
nodeSelectorTerms[]object + Required. A list of node selector terms. The terms are ORed.
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinityrequiredduringschedulingignoredduringexecution) -A single application container that you want to run within a pod. +A null or empty node selector term matches no objects. The requirements of +them are ANDed. +The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. @@ -13225,274 +23142,171 @@ A single application container that you want to run within a pod. - - - - - - - - - - - - - - - - + - + - - - - - - - + +
namestring - Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). -Cannot be updated.
-
true
args[]string - Arguments to the entrypoint. -The container image's CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
false
command[]string - Entrypoint array. Not executed within a shell. -The container image's ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
-
false
envmatchExpressions []object - List of environment variables to set in the container. -Cannot be updated.
+ A list of node selector requirements by node's labels.
false
envFrommatchFields []object - List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. -Cannot be updated.
-
false
imagestring - Container image name. -More info: https://kubernetes.io/docs/concepts/containers/images -This field is optional to allow higher level config management to default or override -container images in workload controllers like Deployments and StatefulSets.
+ A list of node selector requirements by node's fields.
false
imagePullPolicy
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - - - - - - - - - - - - - - - - + - - + + - - + +
NameTypeDescriptionRequired
key string - Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
-
false
lifecycleobject - Actions that the management system should take in response to container lifecycle events. -Cannot be updated.
-
false
livenessProbeobject - Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
false
ports[]object - List of ports to expose from the container. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default "0.0.0.0" address inside a container will be -accessible from the network. -Modifying this array with strategic merge patch may corrupt the data. -For more information See https://github.com/kubernetes/kubernetes/issues/108255. -Cannot be updated.
-
false
readinessProbeobject - Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
false
resizePolicy[]object - Resources resize policy for the container.
-
false
resourcesobject - Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ The label key that the selector applies to.
falsetrue
restartPolicyoperator string - RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, -the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: -this init container will be continually restarted on -exit until all regular containers have terminated. Once all regular -containers have completed, all init containers with restartPolicy "Always" -will be shut down. This lifecycle differs from normal init containers and -is often referred to as a "sidecar" container. Although this init -container still starts in the init container sequence, it does not wait -for the container to complete before proceeding to the next init -container. Instead, the next init container starts immediately after this -init container is started, or after any startupProbe has successfully -completed.
-
false
securityContextobject - SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-
false
startupProbeobject - StartupProbe indicates that the Pod has successfully initialized. -If specified, no other probes are executed until this completes successfully. -If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. -This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, -when it might take a long time to load data or warm a cache, than during steady-state operation. -This cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
false
stdinboolean - Whether this container should allocate a buffer for stdin in the container runtime. If this -is not set, reads from stdin in the container will always result in EOF. -Default is false.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
falsetrue
stdinOncebooleanvalues[]string - Whether the container runtime should close the stdin channel after it has been opened by -a single attach. When stdin is true the stdin stream will remain open across multiple attach -sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the -first client attaches to stdin, and then remains open and accepts data until the client disconnects, -at which time stdin is closed and remains closed until the container is restarted. If this -flag is false, a container processes that reads from stdin will never receive an EOF. -Default is false
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
false
terminationMessagePath
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) + + + +A node selector requirement is a selector that contains values, a key, and an operator +that relates the key and values. + + + + + + + + + + + + - + - + - + - - + + - - + +
NameTypeDescriptionRequired
key string - Optional: Path at which the file to which the container's termination message -will be written is mounted into the container's filesystem. -Message written is intended to be brief final status, such as an assertion failure message. -Will be truncated by the node if greater than 4096 bytes. The total message length across -all containers will be limited to 12kb. -Defaults to /dev/termination-log. -Cannot be updated.
+ The label key that the selector applies to.
falsetrue
terminationMessagePolicyoperator string - Indicate how the termination message should be populated. File will use the contents of -terminationMessagePath to populate the container status message on both success and failure. -FallbackToLogsOnError will use the last chunk of container log output if the termination -message file is empty and the container exited with an error. -The log output is limited to 2048 bytes or 80 lines, whichever is smaller. -Defaults to File. -Cannot be updated.
+ Represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
falsetrue
ttybooleanvalues[]string - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. -Default is false.
+ An array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. If the operator is Gt or Lt, the values +array must have a single element, which will be interpreted as an integer. +This array is replaced during a strategic merge patch.
false
volumeDevices
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinity) + + + +Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + + + + + + + + + + + + - + - - - - -
NameTypeDescriptionRequired
preferredDuringSchedulingIgnoredDuringExecution []object - volumeDevices is the list of block devices to be used by the container.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
false
volumeMountsrequiredDuringSchedulingIgnoredDuringExecution []object - Pod volumes to mount into the container's filesystem. -Cannot be updated.
-
false
workingDirstring - Container's working directory. -If not specified, the container runtime's default will be used, which -might be configured in the container image. -Cannot be updated.
+ If the affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinity) -EnvVar represents an environment variable present in a Container. +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -13504,44 +23318,32 @@ EnvVar represents an environment variable present in a Container. - - + + - - - - - - - + + - +
namestringpodAffinityTermobject - Name of the environment variable. Must be a C_IDENTIFIER.
+ Required. A pod affinity term, associated with the corresponding weight.
true
valuestring - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
-
false
valueFromobjectweightinteger - Source for the environment variable's value. Cannot be used if value is not empty.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.
+
+ Format: int32
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex) -Source for the environment variable's value. Cannot be used if value is not empty. +Required. A pod affinity term, associated with the corresponding weight. @@ -13553,45 +23355,54 @@ Source for the environment variable's value. Cannot be used if value is not empt - - + + - + - + - + - - + +
configMapKeyRefobjecttopologyKeystring - Selects a key of a ConfigMap.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
falsetrue
fieldReflabelSelector object - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ A label query over a set of resources, in this case pods.
false
resourceFieldRefnamespaceSelector object - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
false
secretKeyRefobjectnamespaces[]string - Selects a key of a secret in the pod's namespace
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.configMapKeyRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) -Selects a key of a ConfigMap. +A label query over a set of resources, in this case pods. @@ -13603,39 +23414,32 @@ Selects a key of a ConfigMap. - - - - - - - + + - - + +
keystring - The key to select.
-
true
namestringmatchExpressions[]object - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
false
optionalbooleanmatchLabelsmap[string]string - Specify whether the ConfigMap or its key must be defined
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.fieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -13647,30 +23451,44 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI - + - + + + + + +
fieldPathkey string - Path of the field to select in the specified API version.
+ key is the label key that the selector applies to.
true
apiVersionoperator string - Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+
true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.resourceFieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. @@ -13682,36 +23500,32 @@ Selects a resource of the container: only resources limits and requests - - - - - - - + + - - + +
resourcestring - Required: resource to select
-
true
containerNamestringmatchExpressions[]object - Container name: required for volumes, optional for env vars
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
false
divisorint or stringmatchLabelsmap[string]string - Specifies the output format of the exposed resources, defaults to "1"
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].env[index].valueFrom.secretKeyRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) -Selects a key of a secret in the pod's namespace +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -13726,35 +23540,42 @@ Selects a key of a secret in the pod's namespace - + - + - - + +
key string - The key of the secret to select from. Must be a valid secret key.
+ key is the label key that the selector applies to.
true
nameoperator string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
optionalbooleanvalues[]string - Specify whether the Secret or its key must be defined
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].envFrom[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinity) -EnvFromSource represents the source of a set of ConfigMaps +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running @@ -13766,36 +23587,54 @@ EnvFromSource represents the source of a set of ConfigMaps - + + + + + + - - + + - - + +
configMapReftopologyKeystring + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+
true
labelSelector object - The ConfigMap to select from
+ A label query over a set of resources, in this case pods.
false
prefixstringnamespaceSelectorobject - An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
false
secretRefobjectnamespaces[]string - The Secret to select from
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].envFrom[index].configMapRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvfromindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) -The ConfigMap to select from +A label query over a set of resources, in this case pods. @@ -13807,31 +23646,32 @@ The ConfigMap to select from - - + + - - + +
namestringmatchExpressions[]object - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
false
optionalbooleanmatchLabelsmap[string]string - Specify whether the ConfigMap must be defined
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].envFrom[index].secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexenvfromindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) -The Secret to select from +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -13843,32 +23683,44 @@ The Secret to select from - + - + - - + + + + + + +
namekey string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ key is the label key that the selector applies to.
falsetrue
optionalbooleanoperatorstring - Specify whether the Secret must be defined
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+
true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) -Actions that the management system should take in response to container lifecycle events. -Cannot be updated. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. @@ -13880,43 +23732,32 @@ Cannot be updated. - - + + - - + +
postStartobjectmatchExpressions[]object - PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
false
preStopobjectmatchLabelsmap[string]string - PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycle) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) -PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -13928,38 +23769,40 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho - - + + - + - - + + - + - - + +
execobjectkeystring - Exec specifies the action to take.
+ key is the label key that the selector applies to.
falsetrue
httpGetobjectoperatorstring - HTTPGet specifies the http request to perform.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
tcpSocketobjectvalues[]string - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinity) -Exec specifies the action to take. +Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). @@ -13971,26 +23814,43 @@ Exec specifies the action to take. - - + + + + + + +
command[]stringpreferredDuringSchedulingIgnoredDuringExecution[]object - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ The scheduler will prefer to schedule pods to nodes that satisfy +the anti-affinity expressions specified by this field, but it may choose +a node that violates one or more of the expressions. The node that is +most preferred is the one with the greatest sum of weights, i.e. +for each node that meets all of the scheduling requirements (resource +request, requiredDuringScheduling anti-affinity expressions, etc.), +compute a sum by iterating through the elements of this field and adding +"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the +node(s) with the highest sum are the most preferred.
+
false
requiredDuringSchedulingIgnoredDuringExecution[]object + If the anti-affinity requirements specified by this field are not met at +scheduling time, the pod will not be scheduled onto the node. +If the anti-affinity requirements specified by this field cease to be met +at some point during pod execution (e.g. due to a pod label update), the +system may or may not try to eventually evict the pod from its node. +When there are multiple elements, the lists of nodes corresponding to each +podAffinityTerm are intersected, i.e. all terms must be satisfied.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinity) -HTTPGet specifies the http request to perform. +The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) @@ -14002,54 +23862,32 @@ HTTPGet specifies the http request to perform. - - + + - - - - - - - - - - - - - - - - - + + - +
portint or stringpodAffinityTermobject - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Required. A pod affinity term, associated with the corresponding weight.
true
hoststring - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
-
false
httpHeaders[]object - Custom headers to set in the request. HTTP allows repeated headers.
-
false
pathstring - Path to access on the HTTP server.
-
false
schemestringweightinteger - Scheme to use for connecting to the host. -Defaults to HTTP.
+ weight associated with matching the corresponding podAffinityTerm, +in the range 1-100.
+
+ Format: int32
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststarthttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex) -HTTPHeader describes a custom header to be used in HTTP probes +Required. A pod affinity term, associated with the corresponding weight. @@ -14061,32 +23899,54 @@ HTTPHeader describes a custom header to be used in HTTP probes - + - - + + - + + + + + + + + + + +
nametopologyKey string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
true
valuestringlabelSelectorobject - The header field value
+ A label query over a set of resources, in this case pods.
truefalse
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
+
false
namespaces[]string + namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.postStart.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +A label query over a set of resources, in this case pods. @@ -14098,39 +23958,32 @@ lifecycle hooks will fail in runtime when tcp handler is specified. - - + + - + - - + +
portint or stringmatchExpressions[]object - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
truefalse
hoststringmatchLabelsmap[string]string - Optional: Host name to connect to, defaults to the pod IP.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycle) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) -PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -14142,38 +23995,44 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho - - + + - + - - + + - + - - + +
execobjectkeystring - Exec specifies the action to take.
+ key is the label key that the selector applies to.
falsetrue
httpGetobjectoperatorstring - HTTPGet specifies the http request to perform.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
tcpSocketobjectvalues[]string - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) -Exec specifies the action to take. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. @@ -14185,26 +24044,32 @@ Exec specifies the action to take. - - + + + + + + +
command[]stringmatchExpressions[]object - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) -HTTPGet specifies the http request to perform. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -14216,54 +24081,45 @@ HTTPGet specifies the http request to perform. - - - - - - + - - - - - - + - + - + - - + +
portint or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
-
true
hostkey string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
-
false
httpHeaders[]object - Custom headers to set in the request. HTTP allows repeated headers.
+ key is the label key that the selector applies to.
falsetrue
pathoperator string - Path to access on the HTTP server.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
schemestringvalues[]string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestophttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinity) -HTTPHeader describes a custom header to be used in HTTP probes +Defines a set of pods (namely those matching the labelSelector +relative to the given namespace(s)) that this pod should be +co-located (affinity) or not co-located (anti-affinity) with, +where co-located is defined as running on a node whose value of +the label with key matches that of any node on which +a pod of the set of pods is running @@ -14275,32 +24131,54 @@ HTTPHeader describes a custom header to be used in HTTP probes - + + + + + + + + + + + - + - - + + - +
nametopologyKey string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching +the labelSelector in the specified namespaces, where co-located is defined as running on a node +whose value of the label with key topologyKey matches that of any node on which any of the +selected pods is running. +Empty topologyKey is not allowed.
+
true
labelSelectorobject + A label query over a set of resources, in this case pods.
+
false
namespaceSelectorobject + A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces.
truefalse
valuestringnamespaces[]string - The header field value
+ namespaces specifies a static list of namespace names that the term applies to. +The term is applied to the union of the namespaces listed in this field +and the ones selected by namespaceSelector. +null or empty namespaces list and null namespaceSelector means "this pod's namespace".
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].lifecycle.preStop.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +A label query over a set of resources, in this case pods. @@ -14312,34 +24190,32 @@ lifecycle hooks will fail in runtime when tcp handler is specified. - - + + - + - - + +
portint or stringmatchExpressions[]object - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
truefalse
hoststringmatchLabelsmap[string]string - Optional: Host name to connect to, defaults to the pod IP.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) -Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -14351,112 +24227,44 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - + - - + + - + - - + +
execobject - Exec specifies the action to take.
-
false
failureThresholdinteger - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
-
- Format: int32
-
false
grpcobject - GRPC specifies an action involving a GRPC port.
-
false
httpGetobject - HTTPGet specifies the http request to perform.
-
false
initialDelaySecondsinteger - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
-
false
periodSecondsinteger - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
-
- Format: int32
-
false
successThresholdinteger - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-
- Format: int32
-
false
tcpSocketobjectkeystring - TCPSocket specifies an action involving a TCP port.
+ key is the label key that the selector applies to.
falsetrue
terminationGracePeriodSecondsintegeroperatorstring - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-
- Format: int64
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
timeoutSecondsintegervalues[]string - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) -Exec specifies the action to take. +A label query over the set of namespaces that the term applies to. +The term is applied to the union of the namespaces selected by this field +and the ones listed in the namespaces field. +null selector and null or empty namespaces list means "this pod's namespace". +An empty selector ({}) matches all namespaces. @@ -14468,26 +24276,32 @@ Exec specifies the action to take. - - + + + + + + +
command[]stringmatchExpressions[]object - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
false
matchLabelsmap[string]string + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) -GRPC specifies an action involving a GRPC port. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -14499,35 +24313,42 @@ GRPC specifies an action involving a GRPC port. - - + + - + + + + + +
portintegerkeystring - Port number of the gRPC service. Number must be in the range 1 to 65535.
-
- Format: int32
+ key is the label key that the selector applies to.
true
serviceoperator string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
+
true
values[]string + values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.dnsConfig +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -HTTPGet specifies the http request to perform. +Specifies the DNS parameters of a pod. +Parameters specified here will be merged to the generated DNS +configuration based on DNSPolicy. @@ -14539,54 +24360,43 @@ HTTPGet specifies the http request to perform. - - - - - - - + + - + - - - - - - - + +
portint or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
-
true
hoststringnameservers[]string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ A list of DNS name server IP addresses. +This will be appended to the base nameservers generated from DNSPolicy. +Duplicated nameservers will be removed.
false
httpHeadersoptions []object - Custom headers to set in the request. HTTP allows repeated headers.
-
false
pathstring - Path to access on the HTTP server.
+ A list of DNS resolver options. +This will be merged with the base options generated from DNSPolicy. +Duplicated entries will be removed. Resolution options given in Options +will override those that appear in the base DNSPolicy.
false
schemestringsearches[]string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ A list of DNS search domains for host-name lookup. +This will be appended to the base search paths generated from DNSPolicy. +Duplicated search paths will be removed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.dnsConfig.options[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecdnsconfig) -HTTPHeader describes a custom header to be used in HTTP probes +PodDNSConfigOption defines DNS resolver options of a pod. @@ -14601,27 +24411,34 @@ HTTPHeader describes a custom header to be used in HTTP probes - + - +
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ Required.
truefalse
value string - The header field value
+
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].livenessProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -TCPSocket specifies an action involving a TCP port. +An EphemeralContainer is a temporary container that you may add to an existing Pod for +user-initiated activities such as debugging. Ephemeral containers have no resource or +scheduling guarantees, and they will not be restarted when they exit or when a Pod is +removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the +Pod to exceed its resource allocation. + + +To add an ephemeral container, use the ephemeralcontainers subresource of an existing +Pod. Ephemeral containers may not be removed or restarted. @@ -14633,250 +24450,252 @@ TCPSocket specifies an action involving a TCP port. - - + + - - + + - -
portint or stringnamestring - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name of the ephemeral container specified as a DNS_LABEL. +This name must be unique among all containers, init containers and ephemeral containers.
true
hoststringargs[]string - Optional: Host name to connect to, defaults to the pod IP.
+ Arguments to the entrypoint. +The image's CMD is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].ports[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) - - - -ContainerPort represents a network port in a single container. - - - - - - - - - - - - - + + + - + - - + + - - + + - + - + - -
NameTypeDescriptionRequired
containerPortinteger
command[]string - Number of port to expose on the pod's IP address. -This must be a valid port number, 0 < x < 65536.
-
- Format: int32
+ Entrypoint array. Not executed within a shell. +The image's ENTRYPOINT is used if this is not provided. +Variable references $(VAR_NAME) are expanded using the container's environment. If a variable +cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will +produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless +of whether the variable exists or not. Cannot be updated. +More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
truefalse
hostIPstringenv[]object - What host IP to bind the external port to.
+ List of environment variables to set in the container. +Cannot be updated.
false
hostPortintegerenvFrom[]object - Number of port to expose on the host. -If specified, this must be a valid port number, 0 < x < 65536. -If HostNetwork is specified, this must match ContainerPort. -Most containers do not need this.
-
- Format: int32
+ List of sources to populate environment variables in the container. +The keys defined within a source must be a C_IDENTIFIER. All invalid keys +will be reported as an event when the container is starting. When a key exists in multiple +sources, the value associated with the last source will take precedence. +Values defined by an Env with a duplicate key will take precedence. +Cannot be updated.
false
nameimage string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each -named port in a pod must have a unique name. Name for the port that can be -referred to by services.
+ Container image name. +More info: https://kubernetes.io/docs/concepts/containers/images
false
protocolimagePullPolicy string - Protocol for port. Must be UDP, TCP, or SCTP. -Defaults to "TCP".
-
- Default: TCP
+ Image pull policy. +One of Always, Never, IfNotPresent. +Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) - - - -Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - - - - - - - - - - - - + + - - + + - + + + + + + - + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - - + + - - + + - - + + - - + + - -
NameTypeDescriptionRequired
exec
lifecycle object - Exec specifies the action to take.
+ Lifecycle is not allowed for ephemeral containers.
false
failureThresholdintegerlivenessProbeobject - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
-
- Format: int32
+ Probes are not allowed for ephemeral containers.
false
grpcports[]object + Ports are not allowed for ephemeral containers.
+
false
readinessProbe object - GRPC specifies an action involving a GRPC port.
+ Probes are not allowed for ephemeral containers.
false
httpGetresizePolicy[]object + Resources resize policy for the container.
+
false
resources object - HTTPGet specifies the http request to perform.
+ Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources +already allocated to the pod.
false
initialDelaySecondsintegerrestartPolicystring - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ Restart policy for the container to manage the restart behavior of each +container within a pod. +This may only be set for init containers. You cannot set this field on +ephemeral containers.
+
false
securityContextobject + Optional: SecurityContext defines the security options the ephemeral container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+
false
startupProbeobject + Probes are not allowed for ephemeral containers.
+
false
stdinboolean + Whether this container should allocate a buffer for stdin in the container runtime. If this +is not set, reads from stdin in the container will always result in EOF. +Default is false.
+
false
stdinOnceboolean + Whether the container runtime should close the stdin channel after it has been opened by +a single attach. When stdin is true the stdin stream will remain open across multiple attach +sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the +first client attaches to stdin, and then remains open and accepts data until the client disconnects, +at which time stdin is closed and remains closed until the container is restarted. If this +flag is false, a container processes that reads from stdin will never receive an EOF. +Default is false
+
false
targetContainerNamestring + If set, the name of the container from PodSpec that this ephemeral container targets. +The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. +If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + +The container runtime must implement support for this feature. If the runtime does not +support namespace targeting then the result of setting this field is undefined.
false
periodSecondsintegerterminationMessagePathstring - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
-
- Format: int32
+ Optional: Path at which the file to which the container's termination message +will be written is mounted into the container's filesystem. +Message written is intended to be brief final status, such as an assertion failure message. +Will be truncated by the node if greater than 4096 bytes. The total message length across +all containers will be limited to 12kb. +Defaults to /dev/termination-log. +Cannot be updated.
false
successThresholdintegerterminationMessagePolicystring - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-
- Format: int32
+ Indicate how the termination message should be populated. File will use the contents of +terminationMessagePath to populate the container status message on both success and failure. +FallbackToLogsOnError will use the last chunk of container log output if the termination +message file is empty and the container exited with an error. +The log output is limited to 2048 bytes or 80 lines, whichever is smaller. +Defaults to File. +Cannot be updated.
false
tcpSocketobjectttyboolean - TCPSocket specifies an action involving a TCP port.
+ Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. +Default is false.
false
terminationGracePeriodSecondsintegervolumeDevices[]object - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-
- Format: int64
+ volumeDevices is the list of block devices to be used by the container.
false
timeoutSecondsintegervolumeMounts[]object - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. +Cannot be updated.
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) - - - -Exec specifies the action to take. - - - - - - - - - - - - - + + +
NameTypeDescriptionRequired
command[]string
workingDirstring - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Container's working directory. +If not specified, the container runtime's default will be used, which +might be configured in the container image. +Cannot be updated.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -GRPC specifies an action involving a GRPC port. +EnvVar represents an environment variable present in a Container. @@ -14888,35 +24707,44 @@ GRPC specifies an action involving a GRPC port. - - + + - + + + + + +
portintegernamestring - Port number of the gRPC service. Number must be in the range 1 to 65535.
-
- Format: int32
+ Name of the environment variable. Must be a C_IDENTIFIER.
true
servicevalue string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+
false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindex) -HTTPGet specifies the http request to perform. +Source for the environment variable's value. Cannot be used if value is not empty. @@ -14928,54 +24756,45 @@ HTTPGet specifies the http request to perform. - - - - - - - + + - - + + - - + + - - + +
portint or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
-
true
hoststringconfigMapKeyRefobject - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Selects a key of a ConfigMap.
false
httpHeaders[]objectfieldRefobject - Custom headers to set in the request. HTTP allows repeated headers.
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
false
pathstringresourceFieldRefobject - Path to access on the HTTP server.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
false
schemestringsecretKeyRefobject - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Selects a key of a secret in the pod's namespace
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.configMapKeyRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) -HTTPHeader describes a custom header to be used in HTTP probes +Selects a key of a ConfigMap. @@ -14987,66 +24806,39 @@ HTTPHeader describes a custom header to be used in HTTP probes - + - + - - -
namekey string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ The key to select.
true
valuename string - The header field value
-
true
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].readinessProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexreadinessprobe) - - - -TCPSocket specifies an action involving a TCP port. - - - - - - - - - - - - - - - + - - + +
NameTypeDescriptionRequired
portint or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
hoststringoptionalboolean - Optional: Host name to connect to, defaults to the pod IP.
+ Specify whether the ConfigMap or its key must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].resizePolicy[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.fieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) -ContainerResizePolicy represents resource resize policy for the container. +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. @@ -15058,33 +24850,30 @@ ContainerResizePolicy represents resource resize policy for the container. - + - + - +
resourceNamefieldPath string - Name of the resource to which this resource resize policy applies. -Supported values: cpu, memory.
+ Path of the field to select in the specified API version.
true
restartPolicyapiVersion string - Restart policy to apply when specified resource is resized. -If not specified, it defaults to NotRequired.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].resources -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.resourceFieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) -Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. @@ -15096,48 +24885,36 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co - - + + - + - - + + - - + +
claims[]objectresourcestring - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ Required: resource to select
falsetrue
limitsmap[string]int or stringcontainerNamestring - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Container name: required for volumes, optional for env vars
false
requestsmap[string]int or stringdivisorint or string - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ Specifies the output format of the exposed resources, defaults to "1"
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].resources.claims[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexresources) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.secretKeyRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) -ResourceClaim references one entry in PodSpec.ResourceClaims. +Selects a key of a secret in the pod's namespace @@ -15149,169 +24926,38 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. - + - -
namekey string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ The key of the secret to select from. Must be a valid secret key.
true
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) - - - -SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
allowPrivilegeEscalationboolean - AllowPrivilegeEscalation controls whether a process can gain more -privileges than its parent process. This bool directly controls if -the no_new_privs flag will be set on the container process. -AllowPrivilegeEscalation is true always when the container is: -1) run as Privileged -2) has CAP_SYS_ADMIN -Note that this field cannot be set when spec.os.name is windows.
-
false
capabilitiesobject - The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows.
-
false
privilegedboolean - Run container in privileged mode. -Processes in privileged containers are essentially equivalent to root on the host. -Defaults to false. -Note that this field cannot be set when spec.os.name is windows.
-
false
procMountname string - procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for -readonly paths and masked paths. -This requires the ProcMountType feature flag to be enabled. -Note that this field cannot be set when spec.os.name is windows.
-
false
readOnlyRootFilesystemboolean - Whether this container has a read-only root filesystem. -Default is false. -Note that this field cannot be set when spec.os.name is windows.
-
false
runAsGroupinteger - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
-
- Format: int64
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
runAsNonRootoptional boolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
-
false
runAsUserinteger - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
-
- Format: int64
-
false
seLinuxOptionsobject - The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
-
false
seccompProfileobject - The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows.
-
false
windowsOptionsobject - The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+ Specify whether the Secret or its key must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.capabilities -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].envFrom[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows. +EnvFromSource represents the source of a set of ConfigMaps @@ -15323,33 +24969,36 @@ Note that this field cannot be set when spec.os.name is windows. - - + + - - + + + + + + +
add[]stringconfigMapRefobject - Added capabilities
+ The ConfigMap to select from
false
drop[]stringprefixstring - Removed capabilities
+ An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+
false
secretRefobject + The Secret to select from
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.seLinuxOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].envFrom[index].configMapRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvfromindex) -The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. +The ConfigMap to select from @@ -15361,46 +25010,31 @@ Note that this field cannot be set when spec.os.name is windows. - - - - - - - - - - - + - - + +
levelstring - Level is SELinux level label that applies to the container.
-
false
rolestring - Role is a SELinux role label that applies to the container.
-
false
typename string - Type is a SELinux type label that applies to the container.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
userstringoptionalboolean - User is a SELinux user label that applies to the container.
+ Specify whether the ConfigMap must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.seccompProfile -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].envFrom[index].secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvfromindex) -The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows. +The Secret to select from @@ -15412,41 +25046,31 @@ Note that this field cannot be set when spec.os.name is windows. - + - + - - + +
typename string - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
localhostProfilestringoptionalboolean - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ Specify whether the Secret must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].securityContext.windowsOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +Lifecycle is not allowed for ephemeral containers. @@ -15458,57 +25082,43 @@ Note that this field cannot be set when spec.os.name is linux. - - - - - - - - - - - - + + - - + +
gmsaCredentialSpecstring - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
-
false
gmsaCredentialSpecNamestring - GMSACredentialSpecName is the name of the GMSA credential spec to use.
-
false
hostProcessbooleanpostStartobject - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
false
runAsUserNamestringpreStopobject - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycle) -StartupProbe indicates that the Pod has successfully initialized. -If specified, no other probes are executed until this completes successfully. -If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. -This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, -when it might take a long time to load data or warm a cache, than during steady-state operation. -This cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +PostStart is called immediately after a container is created. If the handler fails, +the container is terminated and restarted according to its restart policy. +Other management of the container blocks until the hook completes. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks @@ -15520,108 +25130,34 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont - + - - - - - - - - - - - + - - - - - - - - - - - - - - - - + - - - - - - - - - -
execexec object Exec specifies the action to take.
false
failureThresholdinteger - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
-
- Format: int32
-
false
grpcobject - GRPC specifies an action involving a GRPC port.
-
false
httpGethttpGet object HTTPGet specifies the http request to perform.
false
initialDelaySecondsinteger - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
-
false
periodSecondsinteger - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
-
- Format: int32
-
false
successThresholdinteger - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-
- Format: int32
-
false
tcpSockettcpSocket object - TCPSocket specifies an action involving a TCP port.
-
false
terminationGracePeriodSecondsinteger - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-
- Format: int64
-
false
timeoutSecondsinteger - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststart) @@ -15651,48 +25187,8 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) - - - -GRPC specifies an action involving a GRPC port. - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
portinteger - Port number of the gRPC service. Number must be in the range 1 to 65535.
-
- Format: int32
-
true
servicestring - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
-
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststart) @@ -15725,7 +25221,7 @@ Name must be an IANA_SVC_NAME.
false - httpHeaders + httpHeaders []object Custom headers to set in the request. HTTP allows repeated headers.
@@ -15750,8 +25246,8 @@ Defaults to HTTP.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststarthttpget) @@ -15785,12 +25281,14 @@ This will be canonicalized upon output, so case-variant names will be understood -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].startupProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststart) -TCPSocket specifies an action involving a TCP port. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. @@ -15821,12 +25319,20 @@ Name must be an IANA_SVC_NAME.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].volumeDevices[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycle) -volumeDevice describes a mapping of a raw block device within a container. +PreStop is called immediately before a container is terminated due to an +API request or management event such as liveness/startup probe failure, +preemption, resource contention, etc. The handler is not called if the +container crashes or exits. The Pod's termination grace period countdown begins before the +PreStop hook is executed. Regardless of the outcome of the handler, the +container will eventually terminate within the Pod's termination grace +period (unless delayed by finalizers). Other management of the container blocks until the hook completes +or until the termination grace period is reached. +More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks @@ -15838,29 +25344,38 @@ volumeDevice describes a mapping of a raw block device within a container. - - + + - + - - + + - + + + + + +
devicePathstringexecobject - devicePath is the path inside of the container that the device will be mapped to.
+ Exec specifies the action to take.
truefalse
namestringhttpGetobject - name must match the name of a persistentVolumeClaim in the pod
+ HTTPGet specifies the http request to perform.
truefalse
tcpSocketobject + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified.
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.containers[index].volumeMounts[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespeccontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestop) -VolumeMount describes a mounting of a Volume within a container. +Exec specifies the action to take. @@ -15872,66 +25387,85 @@ VolumeMount describes a mounting of a Volume within a container. - - + + - - - - + + +
mountPathstringcommand[]string - Path within the container at which the volume should be mounted. Must -not contain ':'.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
true
namestringfalse
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestop) + + + +HTTPGet specifies the http request to perform. + + + + + + + + + + + + + - + - - + + - + - +
NameTypeDescriptionRequired
portint or string - This must match the Name of a Volume.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
true
mountPropagationhost string - mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
false
readOnlybooleanhttpHeaders[]object - Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false.
+ Custom headers to set in the request. HTTP allows repeated headers.
false
subPathpath string - Path within the volume from which the container's volume should be mounted. -Defaults to "" (volume's root).
+ Path to access on the HTTP server.
false
subPathExprscheme string - Expanded path within the volume from which the container's volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. -Defaults to "" (volume's root). -SubPathExpr and SubPath are mutually exclusive.
+ Scheme to use for connecting to the host. +Defaults to HTTP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestophttpget) -If specified, the pod's scheduling constraints +HTTPHeader describes a custom header to be used in HTTP probes @@ -15943,36 +25477,32 @@ If specified, the pod's scheduling constraints - - - - - - - + + - + - - + + - +
nodeAffinityobject - Describes node affinity scheduling rules for the pod.
-
false
podAffinityobjectnamestring - Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
falsetrue
podAntiAffinityobjectvaluestring - Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).
+ The header field value
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestop) -Describes node affinity scheduling rules for the pod. +Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept +for the backward compatibility. There are no validation of this field and +lifecycle hooks will fail in runtime when tcp handler is specified. @@ -15984,42 +25514,31 @@ Describes node affinity scheduling rules for the pod. - - + + - + - - + +
preferredDuringSchedulingIgnoredDuringExecution[]objectportint or string - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node matches the corresponding matchExpressions; the -node(s) with the highest sum are the most preferred.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
falsetrue
requiredDuringSchedulingIgnoredDuringExecutionobjecthoststring - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node.
+ Optional: Host name to connect to, defaults to the pod IP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -An empty preferred scheduling term matches all objects with implicit weight 0 -(i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). +Probes are not allowed for ephemeral containers. @@ -16031,31 +25550,112 @@ An empty preferred scheduling term matches all objects with implicit weight 0 - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - +
preferenceexec object - A node selector term, associated with the corresponding weight.
+ Exec specifies the action to take.
+
false
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.
+
+ Format: int32
+
false
grpcobject + GRPC specifies an action involving a GRPC port.
+
false
httpGetobject + HTTPGet specifies the http request to perform.
+
false
initialDelaySecondsinteger + Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
periodSecondsinteger + How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.
+
+ Format: int32
+
false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+ Format: int32
+
false
tcpSocketobject + TCPSocket specifies an action involving a TCP port.
+
false
terminationGracePeriodSecondsinteger + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+ Format: int64
truefalse
weighttimeoutSeconds integer - Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.
+ Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) -A node selector term, associated with the corresponding weight. +Exec specifies the action to take. @@ -16067,30 +25667,26 @@ A node selector term, associated with the corresponding weight. - - - - - - - + +
matchExpressions[]object - A list of node selector requirements by node's labels.
-
false
matchFields[]objectcommand[]string - A list of node selector requirements by node's fields.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +GRPC specifies an action involving a GRPC port. @@ -16102,42 +25698,35 @@ that relates the key and values. - - + + - + - - - - -
keystringportinteger - The label key that the selector applies to.
+ Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+ Format: int32
true
operatorservice string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
-
true
values[]string - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].preference.matchFields[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinitypreferredduringschedulingignoredduringexecutionindexpreference) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +HTTPGet specifies the http request to perform. @@ -16149,45 +25738,54 @@ that relates the key and values. - - + + - + - + - - + + + + + + + + + + + +
keystringportint or string - The label key that the selector applies to.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
true
operatorhost string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
truefalse
values[]stringhttpHeaders[]object - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ Custom headers to set in the request. HTTP allows repeated headers.
+
false
pathstring + Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobehttpget) -If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to an update), the system -may or may not try to eventually evict the pod from its node. +HTTPHeader describes a custom header to be used in HTTP probes @@ -16199,24 +25797,30 @@ may or may not try to eventually evict the pod from its node. - - + + + + + + +
nodeSelectorTerms[]objectnamestring - Required. A list of node selector terms. The terms are ORed.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
+
true
valuestring + The header field value
true
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinityrequiredduringschedulingignoredduringexecution) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) -A null or empty node selector term matches no objects. The requirements of -them are ANDed. -The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. +TCPSocket specifies an action involving a TCP port. @@ -16228,30 +25832,31 @@ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - - + + - + - - + +
matchExpressions[]objectportint or string - A list of node selector requirements by node's labels.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
falsetrue
matchFields[]objecthoststring - A list of node selector requirements by node's fields.
+ Optional: Host name to connect to, defaults to the pod IP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].ports[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. +ContainerPort represents a network port in a single container. @@ -16263,88 +25868,63 @@ that relates the key and values. - - + + - + - + - - + + - -
keystringcontainerPortinteger - The label key that the selector applies to.
+ Number of port to expose on the pod's IP address. +This must be a valid port number, 0 < x < 65536.
+
+ Format: int32
true
operatorhostIP string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ What host IP to bind the external port to.
truefalse
values[]stringhostPortinteger - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ Number of port to expose on the host. +If specified, this must be a valid port number, 0 < x < 65536. +If HostNetwork is specified, this must match ContainerPort. +Most containers do not need this.
+
+ Format: int32
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[index].matchFields[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitynodeaffinityrequiredduringschedulingignoredduringexecutionnodeselectortermsindex) - - - -A node selector requirement is a selector that contains values, a key, and an operator -that relates the key and values. - - - - - - - - - - - - - - - - + - + - - + +
NameTypeDescriptionRequired
keystring - The label key that the selector applies to.
-
true
operatorname string - Represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ If specified, this must be an IANA_SVC_NAME and unique within the pod. Each +named port in a pod must have a unique name. Name for the port that can be +referred to by services.
truefalse
values[]stringprotocolstring - An array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. If the operator is Gt or Lt, the values -array must have a single element, which will be interpreted as an integer. -This array is replaced during a strategic merge patch.
+ Protocol for port. Must be UDP, TCP, or SCTP. +Defaults to "TCP".
+
+ Default: TCP
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). +Probes are not allowed for ephemeral containers. @@ -16356,139 +25936,112 @@ Describes pod affinity scheduling rules (e.g. co-locate this pod in the same nod - - + + - - + + - -
preferredDuringSchedulingIgnoredDuringExecution[]objectexecobject - The scheduler will prefer to schedule pods to nodes that satisfy -the affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ Exec specifies the action to take.
false
requiredDuringSchedulingIgnoredDuringExecution[]objectfailureThresholdinteger - If the affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.
+
+ Format: int32
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinity) - - - -The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - - - - - - - - - - - - + + - + - + + + + + + - - -
NameTypeDescriptionRequired
podAffinityTerm
grpc object - Required. A pod affinity term, associated with the corresponding weight.
+ GRPC specifies an action involving a GRPC port.
truefalse
weighthttpGetobject + HTTPGet specifies the http request to perform.
+
false
initialDelaySeconds integer - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
+ Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes

Format: int32
true
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindex) - - - -Required. A pod affinity term, associated with the corresponding weight. - - - - - - - - - - - - - + + + + - + - - + + - + - - + + + + + + +
NameTypeDescriptionRequired
topologyKeystringfalse
periodSecondsinteger - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.
+
+ Format: int32
truefalse
labelSelectorobjectsuccessThresholdinteger - A label query over a set of resources, in this case pods.
+ Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+ Format: int32
false
namespaceSelectortcpSocket object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ TCPSocket specifies an action involving a TCP port.
false
namespaces[]stringterminationGracePeriodSecondsinteger - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+ Format: int64
+
false
timeoutSecondsinteger + Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) -A label query over a set of resources, in this case pods. +Exec specifies the action to take. @@ -16500,32 +26053,26 @@ A label query over a set of resources, in this case pods. - - - - - - - + +
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
-
false
matchLabelsmap[string]stringcommand[]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +GRPC specifies an action involving a GRPC port. @@ -16537,44 +26084,35 @@ relates the key and values. - - + + - + - - - - -
keystringportinteger - key is the label key that the selector applies to.
+ Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+ Format: int32
true
operatorservice string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
-
true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +HTTPGet specifies the http request to perform. @@ -16586,32 +26124,54 @@ An empty selector ({}) matches all namespaces. - + + + + + + + + + + + - - + + + + + + +
matchExpressionsportint or string + Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
+
true
hoststring + Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
+
false
httpHeaders []object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ Custom headers to set in the request. HTTP allows repeated headers.
false
matchLabelsmap[string]stringpathstring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobehttpget) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +HTTPHeader describes a custom header to be used in HTTP probes @@ -16623,45 +26183,30 @@ relates the key and values. - + - + - - - - -
keyname string - key is the label key that the selector applies to.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
true
operatorvalue string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ The header field value
true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
-
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) -Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +TCPSocket specifies an action involving a TCP port. @@ -16673,54 +26218,31 @@ a pod of the set of pods is running - - + + - - - - - - - - - - - - + +
topologyKeystringportint or string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
true
labelSelectorobject - A label query over a set of resources, in this case pods.
-
false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
-
false
namespaces[]stringhoststring - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ Optional: Host name to connect to, defaults to the pod IP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].resizePolicy[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -A label query over a set of resources, in this case pods. +ContainerResizePolicy represents resource resize policy for the container. @@ -16732,32 +26254,32 @@ A label query over a set of resources, in this case pods. - - + + - + - - + + - +
matchExpressions[]objectresourceNamestring - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ Name of the resource to which this resource resize policy applies. +Supported values: cpu, memory.
falsetrue
matchLabelsmap[string]stringrestartPolicystring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Restart policy to apply when specified resource is resized. +If not specified, it defaults to NotRequired.
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].resources +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources +already allocated to the pod. @@ -16769,44 +26291,48 @@ relates the key and values. - - + + - + - - + + - + - - + +
keystringclaims[]object - key is the label key that the selector applies to.
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
truefalse
operatorstringlimitsmap[string]int or string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
truefalse
values[]stringrequestsmap[string]int or string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].resources.claims[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexresources) -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -16818,32 +26344,25 @@ An empty selector ({}) matches all namespaces. - - - - - - - + + - +
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
-
false
matchLabelsmap[string]stringnamestring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +Optional: SecurityContext defines the security options the ephemeral container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. @@ -16855,40 +26374,138 @@ relates the key and values. - - + + - + - + + + + + + + + + + + - + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
keystringallowPrivilegeEscalationboolean - key is the label key that the selector applies to.
+ AllowPrivilegeEscalation controls whether a process can gain more +privileges than its parent process. This bool directly controls if +the no_new_privs flag will be set on the container process. +AllowPrivilegeEscalation is true always when the container is: +1) run as Privileged +2) has CAP_SYS_ADMIN +Note that this field cannot be set when spec.os.name is windows.
truefalse
operatorcapabilitiesobject + The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows.
+
false
privilegedboolean + Run container in privileged mode. +Processes in privileged containers are essentially equivalent to root on the host. +Defaults to false. +Note that this field cannot be set when spec.os.name is windows.
+
false
procMount string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ procMount denotes the type of proc mount to use for the containers. +The default is DefaultProcMount which uses the container runtime defaults for +readonly paths and masked paths. +This requires the ProcMountType feature flag to be enabled. +Note that this field cannot be set when spec.os.name is windows.
truefalse
values[]stringreadOnlyRootFilesystemboolean - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Whether this container has a read-only root filesystem. +Default is false. +Note that this field cannot be set when spec.os.name is windows.
+
false
runAsGroupinteger + The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+
false
runAsNonRootboolean + Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
+
false
runAsUserinteger + The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
+
false
seLinuxOptionsobject + The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows.
+
false
seccompProfileobject + The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows.
+
false
windowsOptionsobject + The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.capabilities +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) -Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). +The capabilities to add/drop when running containers. +Defaults to the default set of capabilities granted by the container runtime. +Note that this field cannot be set when spec.os.name is windows. @@ -16900,43 +26517,33 @@ Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the - - + + - - + +
preferredDuringSchedulingIgnoredDuringExecution[]objectadd[]string - The scheduler will prefer to schedule pods to nodes that satisfy -the anti-affinity expressions specified by this field, but it may choose -a node that violates one or more of the expressions. The node that is -most preferred is the one with the greatest sum of weights, i.e. -for each node that meets all of the scheduling requirements (resource -request, requiredDuringScheduling anti-affinity expressions, etc.), -compute a sum by iterating through the elements of this field and adding -"weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the -node(s) with the highest sum are the most preferred.
+ Added capabilities
false
requiredDuringSchedulingIgnoredDuringExecution[]objectdrop[]string - If the anti-affinity requirements specified by this field are not met at -scheduling time, the pod will not be scheduled onto the node. -If the anti-affinity requirements specified by this field cease to be met -at some point during pod execution (e.g. due to a pod label update), the -system may or may not try to eventually evict the pod from its node. -When there are multiple elements, the lists of nodes corresponding to each -podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ Removed capabilities
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.seLinuxOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) -The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) +The SELinux context to be applied to the container. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is windows. @@ -16948,32 +26555,46 @@ The weights of all of the matched WeightedPodAffinityTerm fields are added per-n - - + + - + - - + + - + + + + + + + + + + +
podAffinityTermobjectlevelstring - Required. A pod affinity term, associated with the corresponding weight.
+ Level is SELinux level label that applies to the container.
truefalse
weightintegerrolestring - weight associated with matching the corresponding podAffinityTerm, -in the range 1-100.
-
- Format: int32
+ Role is a SELinux role label that applies to the container.
truefalse
typestring + Type is a SELinux type label that applies to the container.
+
false
userstring + User is a SELinux user label that applies to the container.
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.seccompProfile +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) -Required. A pod affinity term, associated with the corresponding weight. +The seccomp options to use by this container. If seccomp options are +provided at both the pod & container level, the container options +override the pod options. +Note that this field cannot be set when spec.os.name is windows. @@ -16985,54 +26606,41 @@ Required. A pod affinity term, associated with the corresponding weight. - + - - - - - - - - - - - - + +
topologyKeytype string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
true
labelSelectorobject - A label query over a set of resources, in this case pods.
-
false
namespaceSelectorobject - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
-
false
namespaces[]stringlocalhostProfilestring - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.windowsOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) -A label query over a set of resources, in this case pods. +The Windows specific settings applied to all containers. +If unspecified, the options from the PodSecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. @@ -17044,32 +26652,51 @@ A label query over a set of resources, in this case pods. - - + + - - + + + + + + + + + + + +
matchExpressions[]objectgmsaCredentialSpecstring - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
false
matchLabelsmap[string]stringgmsaCredentialSpecNamestring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ GMSACredentialSpecName is the name of the GMSA credential spec to use.
+
false
hostProcessboolean + HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
+
false
runAsUserNamestring + The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.labelSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermlabelselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +Probes are not allowed for ephemeral containers. @@ -17081,44 +26708,112 @@ relates the key and values. - - + + - + - - + + - + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
keystringexecobject - key is the label key that the selector applies to.
+ Exec specifies the action to take.
truefalse
operatorstringfailureThresholdinteger - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ Minimum consecutive failures for the probe to be considered failed after having succeeded. +Defaults to 3. Minimum value is 1.
+
+ Format: int32
truefalse
values[]stringgrpcobject - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ GRPC specifies an action involving a GRPC port.
+
false
httpGetobject + HTTPGet specifies the http request to perform.
+
false
initialDelaySecondsinteger + Number of seconds after the container has started before liveness probes are initiated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
+
false
periodSecondsinteger + How often (in seconds) to perform the probe. +Default to 10 seconds. Minimum value is 1.
+
+ Format: int32
+
false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
+
+ Format: int32
+
false
tcpSocketobject + TCPSocket specifies an action involving a TCP port.
+
false
terminationGracePeriodSecondsinteger + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. +The grace period is the duration in seconds after the processes running in the pod are sent +a termination signal and the time when the processes are forcibly halted with a kill signal. +Set this value longer than the expected cleanup time for your process. +If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this +value overrides the value provided by the pod spec. +Value must be non-negative integer. The value zero indicates stop immediately via +the kill signal (no opportunity to shut down). +This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. +Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
+
+ Format: int64
+
false
timeoutSecondsinteger + Number of seconds after which the probe times out. +Defaults to 1 second. Minimum value is 1. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+
+ Format: int32
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinityterm) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +Exec specifies the action to take. @@ -17130,32 +26825,26 @@ An empty selector ({}) matches all namespaces. - - - - - - - + +
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
-
false
matchLabelsmap[string]stringcommand[]string - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Command is the command line to execute inside the container, the working directory for the +command is root ('/') in the container's filesystem. The command is simply exec'd, it is +not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use +a shell, you need to explicitly call out to that shell. +Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.preferredDuringSchedulingIgnoredDuringExecution[index].podAffinityTerm.namespaceSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinitypreferredduringschedulingignoredduringexecutionindexpodaffinitytermnamespaceselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +GRPC specifies an action involving a GRPC port. @@ -17167,45 +26856,35 @@ relates the key and values. - - + + - + - - - - -
keystringportinteger - key is the label key that the selector applies to.
+ Port number of the gRPC service. Number must be in the range 1 to 65535.
+
+ Format: int32
true
operatorservice string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
-
true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Service is the name of the service to place in the gRPC HealthCheckRequest +(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + +If this is not specified, the default behavior is defined by gRPC.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinity) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) -Defines a set of pods (namely those matching the labelSelector -relative to the given namespace(s)) that this pod should be -co-located (affinity) or not co-located (anti-affinity) with, -where co-located is defined as running on a node whose value of -the label with key matches that of any node on which -a pod of the set of pods is running +HTTPGet specifies the http request to perform. @@ -17217,54 +26896,54 @@ a pod of the set of pods is running - - + + - - + + - - + + - - + + + + + + +
topologyKeystringportint or string - This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching -the labelSelector in the specified namespaces, where co-located is defined as running on a node -whose value of the label with key topologyKey matches that of any node on which any of the -selected pods is running. -Empty topologyKey is not allowed.
+ Name or number of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
true
labelSelectorobjecthoststring - A label query over a set of resources, in this case pods.
+ Host name to connect to, defaults to the pod IP. You probably want to set +"Host" in httpHeaders instead.
false
namespaceSelectorobjecthttpHeaders[]object - A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces.
+ Custom headers to set in the request. HTTP allows repeated headers.
false
namespaces[]stringpathstring - namespaces specifies a static list of namespace names that the term applies to. -The term is applied to the union of the namespaces listed in this field -and the ones selected by namespaceSelector. -null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ Path to access on the HTTP server.
+
false
schemestring + Scheme to use for connecting to the host. +Defaults to HTTP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobehttpget) -A label query over a set of resources, in this case pods. +HTTPHeader describes a custom header to be used in HTTP probes @@ -17276,32 +26955,30 @@ A label query over a set of resources, in this case pods. - - + + - + - - + + - +
matchExpressions[]objectnamestring - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ The header field name. +This will be canonicalized upon output, so case-variant names will be understood as the same header.
falsetrue
matchLabelsmap[string]stringvaluestring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ The header field value
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].labelSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexlabelselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +TCPSocket specifies an action involving a TCP port. @@ -17313,44 +26990,31 @@ relates the key and values. - - + + - + - - - - -
keystringportint or string - key is the label key that the selector applies to.
+ Number or name of the port to access on the container. +Number must be in the range 1 to 65535. +Name must be an IANA_SVC_NAME.
true
operatorhost string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
-
true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Optional: Host name to connect to, defaults to the pod IP.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].volumeDevices[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -A label query over the set of namespaces that the term applies to. -The term is applied to the union of the namespaces selected by this field -and the ones listed in the namespaces field. -null selector and null or empty namespaces list means "this pod's namespace". -An empty selector ({}) matches all namespaces. +volumeDevice describes a mapping of a raw block device within a container. @@ -17362,32 +27026,29 @@ An empty selector ({}) matches all namespaces. - - + + - + - - + + - +
matchExpressions[]objectdevicePathstring - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ devicePath is the path inside of the container that the device will be mapped to.
falsetrue
matchLabelsmap[string]stringnamestring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ name must match the name of a persistentVolumeClaim in the pod
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.affinity.podAntiAffinity.requiredDuringSchedulingIgnoredDuringExecution[index].namespaceSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecaffinitypodantiaffinityrequiredduringschedulingignoredduringexecutionindexnamespaceselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].volumeMounts[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +VolumeMount describes a mounting of a Volume within a container. @@ -17399,42 +27060,67 @@ relates the key and values. - + - + - - + + + + + + + + + + + + + + + + +
keymountPath string - key is the label key that the selector applies to.
+ Path within the container at which the volume should be mounted. Must +not contain ':'.
true
operatorname string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ This must match the Name of a Volume.
true
values[]stringmountPropagationstring - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ mountPropagation determines how mounts are propagated from the host +to container and the other way around. +When not set, MountPropagationNone is used. +This field is beta in 1.10.
+
false
readOnlyboolean + Mounted read-only if true, read-write otherwise (false or unspecified). +Defaults to false.
+
false
subPathstring + Path within the volume from which the container's volume should be mounted. +Defaults to "" (volume's root).
+
false
subPathExprstring + Expanded path within the volume from which the container's volume should be mounted. +Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. +Defaults to "" (volume's root). +SubPathExpr and SubPath are mutually exclusive.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.dnsConfig +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.hostAliases[index] [↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -Specifies the DNS parameters of a pod. -Parameters specified here will be merged to the generated DNS -configuration based on DNSPolicy. +HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the +pod's hosts file. @@ -17446,43 +27132,30 @@ configuration based on DNSPolicy. - + - - - - - - - + +
nameservershostnames []string - A list of DNS name server IP addresses. -This will be appended to the base nameservers generated from DNSPolicy. -Duplicated nameservers will be removed.
-
false
options[]object - A list of DNS resolver options. -This will be merged with the base options generated from DNSPolicy. -Duplicated entries will be removed. Resolution options given in Options -will override those that appear in the base DNSPolicy.
+ Hostnames for the above IP address.
false
searches[]stringipstring - A list of DNS search domains for host-name lookup. -This will be appended to the base search paths generated from DNSPolicy. -Duplicated search paths will be removed.
+ IP address of the host file entry.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.dnsConfig.options[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecdnsconfig) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.imagePullSecrets[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -PodDNSConfigOption defines DNS resolver options of a pod. +LocalObjectReference contains enough information to let you locate the +referenced object inside the same namespace. @@ -17497,34 +27170,21 @@ PodDNSConfigOption defines DNS resolver options of a pod. - - - - -
name string - Required.
-
false
valuestring -
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index] +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index] [↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -An EphemeralContainer is a temporary container that you may add to an existing Pod for -user-initiated activities such as debugging. Ephemeral containers have no resource or -scheduling guarantees, and they will not be restarted when they exit or when a Pod is -removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the -Pod to exceed its resource allocation. - - -To add an ephemeral container, use the ephemeralcontainers subresource of an existing -Pod. Ephemeral containers may not be removed or restarted. +A single application container that you want to run within a pod. @@ -17539,8 +27199,9 @@ Pod. Ephemeral containers may not be removed or restarted. @@ -17548,7 +27209,7 @@ This name must be unique among all containers, init containers and ephemeral con - + - + @@ -17611,71 +27274,103 @@ More info: https://kubernetes.io/docs/concepts/containers/images#updating-images - + - + - + - + - + - + - + - + @@ -17700,19 +27395,6 @@ flag is false, a container processes that reads from stdin will never receive an Default is false
- - - - - @@ -17748,17 +27430,17 @@ Default is false.
- + - + @@ -17776,8 +27458,8 @@ Cannot be updated.
name string - Name of the ephemeral container specified as a DNS_LABEL. -This name must be unique among all containers, init containers and ephemeral containers.
+ Name of the container specified as a DNS_LABEL. +Each container in a pod must have a unique name (DNS_LABEL). +Cannot be updated.
true
[]string Arguments to the entrypoint. -The image's CMD is used if this is not provided. +The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will @@ -17562,7 +27223,7 @@ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-comma []string Entrypoint array. Not executed within a shell. -The image's ENTRYPOINT is used if this is not provided. +The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will @@ -17572,7 +27233,7 @@ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-comma false
envenv []object List of environment variables to set in the container. @@ -17580,7 +27241,7 @@ Cannot be updated.
false
envFromenvFrom []object List of sources to populate environment variables in the container. @@ -17596,7 +27257,9 @@ Cannot be updated.
string Container image name. -More info: https://kubernetes.io/docs/concepts/containers/images
+More info: https://kubernetes.io/docs/concepts/containers/images +This field is optional to allow higher level config management to default or override +container images in workload controllers like Deployments and StatefulSets.
false
false
lifecyclelifecycle object - Lifecycle is not allowed for ephemeral containers.
+ Actions that the management system should take in response to container lifecycle events. +Cannot be updated.
false
livenessProbelivenessProbe object - Probes are not allowed for ephemeral containers.
+ Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
false
portsports []object - Ports are not allowed for ephemeral containers.
+ List of ports to expose from the container. Not specifying a port here +DOES NOT prevent that port from being exposed. Any port which is +listening on the default "0.0.0.0" address inside a container will be +accessible from the network. +Modifying this array with strategic merge patch may corrupt the data. +For more information See https://github.com/kubernetes/kubernetes/issues/108255. +Cannot be updated.
false
readinessProbereadinessProbe object - Probes are not allowed for ephemeral containers.
+ Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
false
resizePolicyresizePolicy []object Resources resize policy for the container.
false
resourcesresources object - Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources -already allocated to the pod.
+ Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
restartPolicy string - Restart policy for the container to manage the restart behavior of each -container within a pod. -This may only be set for init containers. You cannot set this field on -ephemeral containers.
+ RestartPolicy defines the restart behavior of individual containers in a pod. +This field may only be set for init containers, and the only allowed value is "Always". +For non-init containers or when this field is not specified, +the restart behavior is defined by the Pod's restart policy and the container type. +Setting the RestartPolicy as "Always" for the init container will have the following effect: +this init container will be continually restarted on +exit until all regular containers have terminated. Once all regular +containers have completed, all init containers with restartPolicy "Always" +will be shut down. This lifecycle differs from normal init containers and +is often referred to as a "sidecar" container. Although this init +container still starts in the init container sequence, it does not wait +for the container to complete before proceeding to the next init +container. Instead, the next init container starts immediately after this +init container is started, or after any startupProbe has successfully +completed.
false
securityContextsecurityContext object - Optional: SecurityContext defines the security options the ephemeral container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.
+ SecurityContext defines the security options the container should be run with. +If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
false
startupProbestartupProbe object - Probes are not allowed for ephemeral containers.
+ StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
false
false
targetContainerNamestring - If set, the name of the container from PodSpec that this ephemeral container targets. -The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. -If not set then the ephemeral container uses the namespaces configured in the Pod spec. - - -The container runtime must implement support for this feature. If the runtime does not -support namespace targeting then the result of setting this field is undefined.
-
false
terminationMessagePath string false
volumeDevicesvolumeDevices []object volumeDevices is the list of block devices to be used by the container.
false
volumeMountsvolumeMounts []object - Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Pod volumes to mount into the container's filesystem. Cannot be updated.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) @@ -17815,7 +27497,7 @@ Defaults to "".
false - valueFrom + valueFrom object Source for the environment variable's value. Cannot be used if value is not empty.
@@ -17825,8 +27507,8 @@ Defaults to "".
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindex) @@ -17842,14 +27524,14 @@ Source for the environment variable's value. Cannot be used if value is not empt - configMapKeyRef + configMapKeyRef object Selects a key of a ConfigMap.
false - fieldRef + fieldRef object Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, @@ -17857,7 +27539,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI false - resourceFieldRef + resourceFieldRef object Selects a resource of the container: only resources limits and requests @@ -17865,7 +27547,7 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI false - secretKeyRef + secretKeyRef object Selects a key of a secret in the pod's namespace
@@ -17875,8 +27557,8 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.configMapKeyRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.configMapKeyRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) @@ -17918,8 +27600,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.fieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.fieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) @@ -17953,8 +27635,8 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.resourceFieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.resourceFieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) @@ -17995,8 +27677,8 @@ Selects a resource of the container: only resources limits and requests -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].env[index].valueFrom.secretKeyRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.secretKeyRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) @@ -18038,8 +27720,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].envFrom[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].envFrom[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) @@ -18055,7 +27737,7 @@ EnvFromSource represents the source of a set of ConfigMaps - configMapRef + configMapRef object The ConfigMap to select from
@@ -18069,7 +27751,7 @@ EnvFromSource represents the source of a set of ConfigMaps false - secretRef + secretRef object The Secret to select from
@@ -18079,8 +27761,8 @@ EnvFromSource represents the source of a set of ConfigMaps -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].envFrom[index].configMapRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvfromindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].envFrom[index].configMapRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvfromindex) @@ -18115,8 +27797,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].envFrom[index].secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexenvfromindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].envFrom[index].secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvfromindex) @@ -18151,12 +27833,13 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) -Lifecycle is not allowed for ephemeral containers. +Actions that the management system should take in response to container lifecycle events. +Cannot be updated. @@ -18168,7 +27851,7 @@ Lifecycle is not allowed for ephemeral containers. - + - +
postStartpostStart object PostStart is called immediately after a container is created. If the handler fails, @@ -18178,7 +27861,7 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho false
preStoppreStop object PreStop is called immediately before a container is terminated due to an @@ -18196,8 +27879,8 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycle) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycle) @@ -18216,21 +27899,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho - exec + exec object Exec specifies the action to take.
false - httpGet + httpGet object HTTPGet specifies the http request to perform.
false - tcpSocket + tcpSocket object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -18242,8 +27925,8 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststart) @@ -18273,8 +27956,8 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststart) @@ -18307,7 +27990,7 @@ Name must be an IANA_SVC_NAME.
false - httpHeaders + httpHeaders []object Custom headers to set in the request. HTTP allows repeated headers.
@@ -18332,8 +28015,8 @@ Defaults to HTTP.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststarthttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststarthttpget) @@ -18367,8 +28050,8 @@ This will be canonicalized upon output, so case-variant names will be understood -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.postStart.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststart) @@ -18405,8 +28088,8 @@ Name must be an IANA_SVC_NAME.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycle) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycle) @@ -18430,21 +28113,21 @@ More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-ho - exec + exec object Exec specifies the action to take.
false - httpGet + httpGet object HTTPGet specifies the http request to perform.
false - tcpSocket + tcpSocket object Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept @@ -18456,8 +28139,8 @@ lifecycle hooks will fail in runtime when tcp handler is specified.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestop) @@ -18487,8 +28170,8 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestop) @@ -18521,7 +28204,7 @@ Name must be an IANA_SVC_NAME.
false - httpHeaders + httpHeaders []object Custom headers to set in the request. HTTP allows repeated headers.
@@ -18546,8 +28229,8 @@ Defaults to HTTP.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestophttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestophttpget) @@ -18581,8 +28264,8 @@ This will be canonicalized upon output, so case-variant names will be understood -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].lifecycle.preStop.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestop) @@ -18619,12 +28302,15 @@ Name must be an IANA_SVC_NAME.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) -Probes are not allowed for ephemeral containers. +Periodic probe of container liveness. +Container will be restarted if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes @@ -18636,7 +28322,7 @@ Probes are not allowed for ephemeral containers. - + - + - + - +
execexec object Exec specifies the action to take.
@@ -18653,14 +28339,14 @@ Defaults to 3. Minimum value is 1.
false
grpcgrpc object GRPC specifies an action involving a GRPC port.
false
httpGethttpGet object HTTPGet specifies the http request to perform.
@@ -18697,7 +28383,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
false
tcpSockettcpSocket object TCPSocket specifies an action involving a TCP port.
@@ -18736,8 +28422,8 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) @@ -18767,8 +28453,8 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) @@ -18807,8 +28493,8 @@ If this is not specified, the default behavior is defined by gRPC.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) @@ -18841,7 +28527,7 @@ Name must be an IANA_SVC_NAME.
false - httpHeaders + httpHeaders []object Custom headers to set in the request. HTTP allows repeated headers.
@@ -18866,8 +28552,8 @@ Defaults to HTTP.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobehttpget) @@ -18901,8 +28587,8 @@ This will be canonicalized upon output, so case-variant names will be understood -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].livenessProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) @@ -18937,8 +28623,8 @@ Name must be an IANA_SVC_NAME.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].ports[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].ports[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) @@ -19005,12 +28691,15 @@ Defaults to "TCP".
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) -Probes are not allowed for ephemeral containers. +Periodic probe of container service readiness. +Container will be removed from service endpoints if the probe fails. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes @@ -19022,7 +28711,7 @@ Probes are not allowed for ephemeral containers. - + - + - + - +
execexec object Exec specifies the action to take.
@@ -19039,14 +28728,14 @@ Defaults to 3. Minimum value is 1.
false
grpcgrpc object GRPC specifies an action involving a GRPC port.
false
httpGethttpGet object HTTPGet specifies the http request to perform.
@@ -19083,7 +28772,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
false
tcpSockettcpSocket object TCPSocket specifies an action involving a TCP port.
@@ -19122,8 +28811,8 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) @@ -19153,8 +28842,8 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) @@ -19193,8 +28882,8 @@ If this is not specified, the default behavior is defined by gRPC.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) @@ -19227,7 +28916,7 @@ Name must be an IANA_SVC_NAME.
false - httpHeaders + httpHeaders []object Custom headers to set in the request. HTTP allows repeated headers.
@@ -19252,8 +28941,8 @@ Defaults to HTTP.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobehttpget) @@ -19287,8 +28976,8 @@ This will be canonicalized upon output, so case-variant names will be understood -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].readinessProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) @@ -19323,8 +29012,8 @@ Name must be an IANA_SVC_NAME.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].resizePolicy[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].resizePolicy[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) @@ -19359,13 +29048,14 @@ If not specified, it defaults to NotRequired.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].resources -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].resources +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) -Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources -already allocated to the pod. +Compute Resources required by this container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ @@ -19377,7 +29067,7 @@ already allocated to the pod. - +
claimsclaims []object Claims lists the names of resources, defined in spec.resourceClaims, @@ -19413,8 +29103,8 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].resources.claims[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexresources) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].resources.claims[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexresources) @@ -19442,13 +29132,14 @@ inside a container.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) -Optional: SecurityContext defines the security options the ephemeral container should be run with. +SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. +More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ @@ -19473,7 +29164,7 @@ Note that this field cannot be set when spec.os.name is windows.
- + - + - + - +
false
capabilitiescapabilities object The capabilities to add/drop when running containers. @@ -19550,7 +29241,7 @@ Note that this field cannot be set when spec.os.name is windows.
false
seLinuxOptionsseLinuxOptions object The SELinux context to be applied to the container. @@ -19561,7 +29252,7 @@ Note that this field cannot be set when spec.os.name is windows.
false
seccompProfileseccompProfile object The seccomp options to use by this container. If seccomp options are @@ -19571,7 +29262,7 @@ Note that this field cannot be set when spec.os.name is windows.
false
windowsOptionswindowsOptions object The Windows specific settings applied to all containers. @@ -19584,8 +29275,8 @@ Note that this field cannot be set when spec.os.name is linux.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.capabilities -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.capabilities +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) @@ -19620,8 +29311,8 @@ Note that this field cannot be set when spec.os.name is windows. -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.seLinuxOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.seLinuxOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) @@ -19672,8 +29363,8 @@ Note that this field cannot be set when spec.os.name is windows. -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.seccompProfile -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.seccompProfile +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) @@ -19718,9 +29409,9 @@ Must be set if type is "Localhost". Must NOT be set for any other type.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].securityContext.windowsOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexsecuritycontext) - +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.windowsOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) + The Windows specific settings applied to all containers. @@ -19777,12 +29468,18 @@ PodSecurityContext, the value specified in SecurityContext takes precedence.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) -Probes are not allowed for ephemeral containers. +StartupProbe indicates that the Pod has successfully initialized. +If specified, no other probes are executed until this completes successfully. +If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. +This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, +when it might take a long time to load data or warm a cache, than during steady-state operation. +This cannot be updated. +More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes @@ -19794,7 +29491,7 @@ Probes are not allowed for ephemeral containers. - + - + - + - +
execexec object Exec specifies the action to take.
@@ -19811,14 +29508,14 @@ Defaults to 3. Minimum value is 1.
false
grpcgrpc object GRPC specifies an action involving a GRPC port.
false
httpGethttpGet object HTTPGet specifies the http request to perform.
@@ -19855,7 +29552,7 @@ Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
false
tcpSockettcpSocket object TCPSocket specifies an action involving a TCP port.
@@ -19894,8 +29591,8 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.exec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) @@ -19925,8 +29622,8 @@ Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.grpc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) @@ -19965,8 +29662,8 @@ If this is not specified, the default behavior is defined by gRPC.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.httpGet +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) @@ -19999,7 +29696,7 @@ Name must be an IANA_SVC_NAME.
false - httpHeaders + httpHeaders []object Custom headers to set in the request. HTTP allows repeated headers.
@@ -20024,8 +29721,8 @@ Defaults to HTTP.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.httpGet.httpHeaders[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobehttpget) @@ -20059,8 +29756,8 @@ This will be canonicalized upon output, so case-variant names will be understood -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].startupProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.tcpSocket +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) @@ -20095,8 +29792,8 @@ Name must be an IANA_SVC_NAME.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].volumeDevices[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].volumeDevices[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) @@ -20129,8 +29826,8 @@ volumeDevice describes a mapping of a raw block device within a container. -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.ephemeralContainers[index].volumeMounts[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecephemeralcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].volumeMounts[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) @@ -20200,13 +29897,41 @@ SubPathExpr and SubPath are mutually exclusive.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.hostAliases[index] +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.os [↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the -pod's hosts file. +Specifies the OS of the containers in the pod. +Some pod and container fields are restricted if this is set. + + +If the OS field is set to linux, the following fields must be unset: +-securityContext.windowsOptions + + +If the OS field is set to windows, following fields must be unset: +- spec.hostPID +- spec.hostIPC +- spec.hostUsers +- spec.securityContext.seLinuxOptions +- spec.securityContext.seccompProfile +- spec.securityContext.fsGroup +- spec.securityContext.fsGroupChangePolicy +- spec.securityContext.sysctls +- spec.shareProcessNamespace +- spec.securityContext.runAsUser +- spec.securityContext.runAsGroup +- spec.securityContext.supplementalGroups +- spec.containers[*].securityContext.seLinuxOptions +- spec.containers[*].securityContext.seccompProfile +- spec.containers[*].securityContext.capabilities +- spec.containers[*].securityContext.readOnlyRootFilesystem +- spec.containers[*].securityContext.privileged +- spec.containers[*].securityContext.allowPrivilegeEscalation +- spec.containers[*].securityContext.procMount +- spec.containers[*].securityContext.runAsUser +- spec.containers[*].securityContext.runAsGroup @@ -20218,30 +29943,25 @@ pod's hosts file. - - - - - - + - +
hostnames[]string - Hostnames for the above IP address.
-
false
ipname string - IP address of the host file entry.
+ Name is the name of the operating system. The currently supported values are linux and windows. +Additional value may be defined in future and can be one of: +https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration +Clients should expect to handle additional values and treat unrecognized values in this field as os: null
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.imagePullSecrets[index] +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.readinessGates[index] [↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -LocalObjectReference contains enough information to let you locate the -referenced object inside the same namespace. +PodReadinessGate contains the reference to a pod condition @@ -20253,24 +29973,24 @@ referenced object inside the same namespace. - + - +
nameconditionType string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ ConditionType refers to a condition in the pod's condition list with matching type.
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index] +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.resourceClaims[index] [↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -A single application container that you want to run within a pod. +PodResourceClaim references exactly one ResourceClaim through a ClaimSource. +It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. +Containers that need access to the ResourceClaim reference it with this name. @@ -20285,271 +30005,383 @@ A single application container that you want to run within a pod. - - + + - - - + +
name string - Name of the container specified as a DNS_LABEL. -Each container in a pod must have a unique name (DNS_LABEL). -Cannot be updated.
+ Name uniquely identifies this resource claim inside the pod. +This must be a DNS_LABEL.
true
args[]stringsourceobject - Arguments to the entrypoint. -The container image's CMD is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ Source describes where to find the ResourceClaim.
false
command[]string
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.resourceClaims[index].source +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecresourceclaimsindex) + + + +Source describes where to find the ResourceClaim. + + + + + + + + + + + + + - - + + - - - + +
NameTypeDescriptionRequired
resourceClaimNamestring - Entrypoint array. Not executed within a shell. -The container image's ENTRYPOINT is used if this is not provided. -Variable references $(VAR_NAME) are expanded using the container's environment. If a variable -cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will -produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless -of whether the variable exists or not. Cannot be updated. -More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell
+ ResourceClaimName is the name of a ResourceClaim object in the same +namespace as this pod.
false
env[]objectresourceClaimTemplateNamestring - List of environment variables to set in the container. -Cannot be updated.
+ ResourceClaimTemplateName is the name of a ResourceClaimTemplate +object in the same namespace as this pod. + + +The template will be used to create a new ResourceClaim, which will +be bound to this pod. When this pod is deleted, the ResourceClaim +will also be deleted. The pod name and resource name, along with a +generated component, will be used to form a unique name for the +ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. + + +This field is immutable and no changes will be made to the +corresponding ResourceClaim by the control plane after creating the +ResourceClaim.
false
envFrom[]object
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.schedulingGates[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) + + + +PodSchedulingGate is associated to a Pod to guard its scheduling. + + + + + + + + + + + + + - - - - + + +
NameTypeDescriptionRequired
namestring - List of sources to populate environment variables in the container. -The keys defined within a source must be a C_IDENTIFIER. All invalid keys -will be reported as an event when the container is starting. When a key exists in multiple -sources, the value associated with the last source will take precedence. -Values defined by an Env with a duplicate key will take precedence. -Cannot be updated.
+ Name of the scheduling gate. +Each scheduling gate must have a unique name field.
false
imagestringtrue
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) + + + +SecurityContext holds pod-level security attributes and common container settings. +Optional: Defaults to empty. See type description for default values of each field. + + + + + + + + + + + + + - + - - + + - - + + - - + + - + - - - - - - + - - + + - - + + - + - - - + +
NameTypeDescriptionRequired
fsGroupinteger - Container image name. -More info: https://kubernetes.io/docs/concepts/containers/images -This field is optional to allow higher level config management to default or override -container images in workload controllers like Deployments and StatefulSets.
+ A special supplemental group that applies to all containers in a pod. +Some volume types allow the Kubelet to change the ownership of that volume +to be owned by the pod: + + +1. The owning GID will be the FSGroup +2. The setgid bit is set (new files created in the volume will be owned by FSGroup) +3. The permission bits are OR'd with rw-rw---- + + +If unset, the Kubelet will not modify the ownership and permissions of any volume. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
false
imagePullPolicyfsGroupChangePolicy string - Image pull policy. -One of Always, Never, IfNotPresent. -Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/containers/images#updating-images
+ fsGroupChangePolicy defines behavior of changing ownership and permission of the volume +before being exposed inside Pod. This field will only apply to +volume types which support fsGroup based ownership(and permissions). +It will have no effect on ephemeral volume types such as: secret, configmaps +and emptydir. +Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. +Note that this field cannot be set when spec.os.name is windows.
false
lifecycleobjectrunAsGroupinteger - Actions that the management system should take in response to container lifecycle events. -Cannot be updated.
+ The GID to run the entrypoint of the container process. +Uses runtime default if unset. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
false
livenessProbeobjectrunAsNonRootboolean - Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ Indicates that the container must run as a non-root user. +If true, the Kubelet will validate the image at runtime to ensure that it +does not run as UID 0 (root) and fail to start the container if it does. +If unset or false, no such validation will be performed. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
false
ports[]objectrunAsUserinteger - List of ports to expose from the container. Not specifying a port here -DOES NOT prevent that port from being exposed. Any port which is -listening on the default "0.0.0.0" address inside a container will be -accessible from the network. -Modifying this array with strategic merge patch may corrupt the data. -For more information See https://github.com/kubernetes/kubernetes/issues/108255. -Cannot be updated.
+ The UID to run the entrypoint of the container process. +Defaults to user specified in image metadata if unspecified. +May also be set in SecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence +for that container. +Note that this field cannot be set when spec.os.name is windows.
+
+ Format: int64
false
readinessProbeseLinuxOptions object - Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
false
resizePolicy[]object - Resources resize policy for the container.
+ The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows.
false
resourcesseccompProfile object - Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows.
false
restartPolicystringsupplementalGroups[]integer - RestartPolicy defines the restart behavior of individual containers in a pod. -This field may only be set for init containers, and the only allowed value is "Always". -For non-init containers or when this field is not specified, -the restart behavior is defined by the Pod's restart policy and the container type. -Setting the RestartPolicy as "Always" for the init container will have the following effect: -this init container will be continually restarted on -exit until all regular containers have terminated. Once all regular -containers have completed, all init containers with restartPolicy "Always" -will be shut down. This lifecycle differs from normal init containers and -is often referred to as a "sidecar" container. Although this init -container still starts in the init container sequence, it does not wait -for the container to complete before proceeding to the next init -container. Instead, the next init container starts immediately after this -init container is started, or after any startupProbe has successfully -completed.
+ A list of groups applied to the first process run in each container, in addition +to the container's primary GID, the fsGroup (if specified), and group memberships +defined in the container image for the uid of the container process. If unspecified, +no additional groups are added to any container. Note that group memberships +defined in the container image for the uid of the container process are still effective, +even if they are not included in this list. +Note that this field cannot be set when spec.os.name is windows.
false
securityContextobjectsysctls[]object - SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+ Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported +sysctls (by the container runtime) might fail to launch. +Note that this field cannot be set when spec.os.name is windows.
false
startupProbewindowsOptions object - StartupProbe indicates that the Pod has successfully initialized. -If specified, no other probes are executed until this completes successfully. -If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. -This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, -when it might take a long time to load data or warm a cache, than during steady-state operation. -This cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+ The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux.
false
stdinboolean
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.seLinuxOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) + + + +The SELinux context to be applied to all containers. +If unspecified, the container runtime will allocate a random SELinux context for each +container. May also be set in SecurityContext. If set in +both SecurityContext and PodSecurityContext, the value specified in SecurityContext +takes precedence for that container. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + - - + + - + - + - - - + +
NameTypeDescriptionRequired
levelstring - Whether this container should allocate a buffer for stdin in the container runtime. If this -is not set, reads from stdin in the container will always result in EOF. -Default is false.
+ Level is SELinux level label that applies to the container.
false
stdinOncebooleanrolestring - Whether the container runtime should close the stdin channel after it has been opened by -a single attach. When stdin is true the stdin stream will remain open across multiple attach -sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the -first client attaches to stdin, and then remains open and accepts data until the client disconnects, -at which time stdin is closed and remains closed until the container is restarted. If this -flag is false, a container processes that reads from stdin will never receive an EOF. -Default is false
+ Role is a SELinux role label that applies to the container.
false
terminationMessagePathtype string - Optional: Path at which the file to which the container's termination message -will be written is mounted into the container's filesystem. -Message written is intended to be brief final status, such as an assertion failure message. -Will be truncated by the node if greater than 4096 bytes. The total message length across -all containers will be limited to 12kb. -Defaults to /dev/termination-log. -Cannot be updated.
+ Type is a SELinux type label that applies to the container.
false
terminationMessagePolicyuser string - Indicate how the termination message should be populated. File will use the contents of -terminationMessagePath to populate the container status message on both success and failure. -FallbackToLogsOnError will use the last chunk of container log output if the termination -message file is empty and the container exited with an error. -The log output is limited to 2048 bytes or 80 lines, whichever is smaller. -Defaults to File. -Cannot be updated.
+ User is a SELinux user label that applies to the container.
false
ttyboolean
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.seccompProfile +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) + + + +The seccomp options to use by the containers in this pod. +Note that this field cannot be set when spec.os.name is windows. + + + + + + + + + + + + + - + - - + + - - - + +
NameTypeDescriptionRequired
typestring - Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. -Default is false.
+ type indicates which kind of seccomp profile will be applied. +Valid options are: + + +Localhost - a profile defined in a file on the node should be used. +RuntimeDefault - the container runtime default profile should be used. +Unconfined - no profile should be applied.
falsetrue
volumeDevices[]objectlocalhostProfilestring - volumeDevices is the list of block devices to be used by the container.
+ localhostProfile indicates a profile defined in a file on the node should be used. +The profile must be preconfigured on the node to work. +Must be a descending path, relative to the kubelet's configured seccomp profile location. +Must be set if type is "Localhost". Must NOT be set for any other type.
false
volumeMounts[]object
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.sysctls[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) + + + +Sysctl defines a kernel parameter to be set + + + + + + + + + + + + + - + - + - +
NameTypeDescriptionRequired
namestring - Pod volumes to mount into the container's filesystem. -Cannot be updated.
+ Name of a property to set
falsetrue
workingDirvalue string - Container's working directory. -If not specified, the container runtime's default will be used, which -might be configured in the container image. -Cannot be updated.
+ Value of a property to set
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.windowsOptions +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) -EnvVar represents an environment variable present in a Container. +The Windows specific settings applied to all containers. +If unspecified, the options within a container's SecurityContext will be used. +If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. +Note that this field cannot be set when spec.os.name is linux. @@ -20561,44 +30393,52 @@ EnvVar represents an environment variable present in a Container. - + - + - + - - + + + + + + +
namegmsaCredentialSpec string - Name of the environment variable. Must be a C_IDENTIFIER.
+ GMSACredentialSpec is where the GMSA admission webhook +(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the +GMSA credential spec named by the GMSACredentialSpecName field.
truefalse
valuegmsaCredentialSpecName string - Variable references $(VAR_NAME) are expanded -using the previously defined environment variables in the container and -any service environment variables. If a variable cannot be resolved, -the reference in the input string will be unchanged. Double $$ are reduced -to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. -"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". -Escaped references will never be expanded, regardless of whether the variable -exists or not. -Defaults to "".
+ GMSACredentialSpecName is the name of the GMSA credential spec to use.
false
valueFromobjecthostProcessboolean - Source for the environment variable's value. Cannot be used if value is not empty.
+ HostProcess determines if a container should be run as a 'Host Process' container. +All of a Pod's containers must have the same effective HostProcess value +(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). +In addition, if HostProcess is true then HostNetwork must also be set to true.
+
false
runAsUserNamestring + The UserName in Windows to run the entrypoint of the container process. +Defaults to the user specified in image metadata if unspecified. +May also be set in PodSecurityContext. If set in both SecurityContext and +PodSecurityContext, the value specified in SecurityContext takes precedence.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.tolerations[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -Source for the environment variable's value. Cannot be used if value is not empty. +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . @@ -20610,45 +30450,61 @@ Source for the environment variable's value. Cannot be used if value is not empt - - + + - - + + - - + + - - + + + + + + +
configMapKeyRefobjecteffectstring - Selects a key of a ConfigMap.
+ Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
false
fieldRefobjectkeystring - Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
false
resourceFieldRefobjectoperatorstring - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ Operator represents a key's relationship to the value. +Valid operators are Exists and Equal. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category.
false
secretKeyRefobjecttolerationSecondsinteger - Selects a key of a secret in the pod's namespace
+ TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+
false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.configMapKeyRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.topologySpreadConstraints[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -Selects a key of a ConfigMap. +TopologySpreadConstraint specifies how to spread matching pods among the given topology. @@ -20660,39 +30516,168 @@ Selects a key of a ConfigMap. - + + + + + + - + + + + + + - - + + + + + + + + + + + + + + + + +
keymaxSkewinteger + MaxSkew describes the degree to which pods may be unevenly distributed. +When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference +between the number of matching pods in the target topology and the global minimum. +The global minimum is the minimum number of matching pods in an eligible domain +or zero if the number of eligible domains is less than MinDomains. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 2/2/1: +In this case, the global minimum is 1. +| zone1 | zone2 | zone3 | +| P P | P P | P | +- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; +scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) +violate MaxSkew(1). +- if MaxSkew is 2, incoming pod can be scheduled onto any zone. +When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence +to topologies that satisfy it. +It's a required field. Default value is 1 and 0 is not allowed.
+
+ Format: int32
+
true
topologyKey string - The key to select.
+ TopologyKey is the key of node labels. Nodes that have a label with this key +and identical values are considered to be in the same topology. +We consider each as a "bucket", and try to put balanced number +of pods into each bucket. +We define a domain as a particular instance of a topology. +Also, we define an eligible domain as a domain whose nodes meet the requirements of +nodeAffinityPolicy and nodeTaintsPolicy. +e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. +And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. +It's a required field.
true
namewhenUnsatisfiable string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy +the spread constraint. +- DoNotSchedule (default) tells the scheduler not to schedule it. +- ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. +A constraint is considered "Unsatisfiable" for an incoming pod +if and only if every possible node assignment for that pod would violate +"MaxSkew" on some topology. +For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same +labelSelector spread as 3/1/1: +| zone1 | zone2 | zone3 | +| P P P | P | P | +If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled +to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies +MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler +won't make it *more* imbalanced. +It's a required field.
+
true
labelSelectorobject + LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain.
false
optionalbooleanmatchLabelKeys[]string - Specify whether the ConfigMap or its key must be defined
+ MatchLabelKeys is a set of pod label keys to select the pods over which +spreading will be calculated. The keys are used to lookup values from the +incoming pod labels, those key-value labels are ANDed with labelSelector +to select the group of existing pods over which spreading will be calculated +for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. +MatchLabelKeys cannot be set when LabelSelector isn't set. +Keys that don't exist in the incoming pod labels will +be ignored. A null or empty list means only match against labelSelector. + + +This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+
false
minDomainsinteger + MinDomains indicates a minimum number of eligible domains. +When the number of eligible domains with matching topology keys is less than minDomains, +Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. +And when the number of eligible domains with matching topology keys equals or greater than minDomains, +this value has no effect on scheduling. +As a result, when the number of eligible domains is less than minDomains, +scheduler won't schedule more than maxSkew Pods to those domains. +If value is nil, the constraint behaves as if MinDomains is equal to 1. +Valid values are integers greater than 0. +When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + +For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same +labelSelector spread as 2/2/2: +| zone1 | zone2 | zone3 | +| P P | P P | P P | +The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. +In this situation, new pod with the same labelSelector cannot be scheduled, +because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, +it will violate MaxSkew. + + +This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
+
+ Format: int32
+
false
nodeAffinityPolicystring + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector +when calculating pod topology spread skew. Options are: +- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. +- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + +If this value is nil, the behavior is equivalent to the Honor policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+
false
nodeTaintsPolicystring + NodeTaintsPolicy indicates how we will treat node taints when calculating +pod topology spread skew. Options are: +- Honor: nodes without taints, along with tainted nodes for which the incoming pod +has a toleration, are included. +- Ignore: node taints are ignored. All nodes are included. + + +If this value is nil, the behavior is equivalent to the Ignore policy. +This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.fieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.topologySpreadConstraints[index].labelSelector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespectopologyspreadconstraintsindex) -Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, -spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. +LabelSelector is used to find matching pods. +Pods that match this label selector are counted to determine the number of pods +in their corresponding topology domain. @@ -20704,30 +30689,32 @@ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podI - - + + - + - - + +
fieldPathstringmatchExpressions[]object - Path of the field to select in the specified API version.
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
truefalse
apiVersionstringmatchLabelsmap[string]string - Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.resourceFieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespectopologyspreadconstraintsindexlabelselector) -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -20739,36 +30726,40 @@ Selects a resource of the container: only resources limits and requests - + - + - + - - + +
resourcekey string - Required: resource to select
+ key is the label key that the selector applies to.
true
containerNameoperator string - Container name: required for volumes, optional for env vars
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
divisorint or stringvalues[]string - Specifies the output format of the exposed resources, defaults to "1"
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].env[index].valueFrom.secretKeyRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvindexvaluefrom) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) -Selects a key of a secret in the pod's namespace +Volume represents a named volume in a pod that may be accessed by any container in the pod. @@ -20780,243 +30771,281 @@ Selects a key of a secret in the pod's namespace - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - + + - - + + - -
keyname string - The key of the secret to select from. Must be a valid secret key.
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
true
awsElasticBlockStoreobject + awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
false
azureDiskobject + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
false
azureFileobject + azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
false
cephfsobject + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+
false
cinderobject + cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
configMapobject + configMap represents a configMap that should populate this volume
+
false
csiobject + csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+
false
downwardAPIobject + downwardAPI represents downward API about the pod that should populate this volume
+
false
emptyDirobject + emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+
false
ephemeralobject + ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time.
+
false
fcobject + fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+
false
flexVolumeobject + flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
+
false
flockerobject + flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+
false
gcePersistentDiskobject + gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
false
gitRepoobject + gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
truefalse
namestringglusterfsobject - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
false
optionalbooleanhostPathobject - Specify whether the Secret or its key must be defined
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].envFrom[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) - - - -EnvFromSource represents the source of a set of ConfigMaps - - - - - - - - - - - - + + - - + + - + - -
NameTypeDescriptionRequired
configMapRef
iscsi object - The ConfigMap to select from
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
false
prefixstringnfsobject - An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false
secretRefpersistentVolumeClaim object - The Secret to select from
+ persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].envFrom[index].configMapRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvfromindex) - - - -The ConfigMap to select from - - - - - - - - - - - - - + + + - - + + - -
NameTypeDescriptionRequired
namestring
photonPersistentDiskobject - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
false
optionalbooleanportworxVolumeobject - Specify whether the ConfigMap must be defined
+ portworxVolume represents a portworx volume attached and mounted on kubelets host machine
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].envFrom[index].secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexenvfromindex) - - - -The Secret to select from - - - - - - - - - - - - - + + + - - + + - -
NameTypeDescriptionRequired
namestring
projectedobject - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ projected items for all in one resources secrets, configmaps, and downward API
false
optionalbooleanquobyteobject - Specify whether the Secret must be defined
+ quobyte represents a Quobyte mount on the host that shares a pod's lifetime
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) - - - -Actions that the management system should take in response to container lifecycle events. -Cannot be updated. - - - - - - - - - - - - + + - + - -
NameTypeDescriptionRequired
postStart
rbd object - PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
false
preStopscaleIO object - PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
+ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycle) - - - -PostStart is called immediately after a container is created. If the handler fails, -the container is terminated and restarted according to its restart policy. -Other management of the container blocks until the hook completes. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - - - - - - - - - - - - + + - + - +
NameTypeDescriptionRequired
exec
secret object - Exec specifies the action to take.
+ secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
false
httpGetstorageos object - HTTPGet specifies the http request to perform.
+ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
false
tcpSocketvsphereVolume object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].awsElasticBlockStore +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -Exec specifies the action to take. +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore @@ -21028,26 +31057,54 @@ Exec specifies the action to take. - - + + + + + + + + + + + + + + + + +
command[]stringvolumeIDstring - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
true
fsTypestring + fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
partitioninteger + partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+ Format: int32
+
false
readOnlyboolean + readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].azureDisk +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -HTTPGet specifies the http request to perform. +azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. @@ -21059,54 +31116,60 @@ HTTPGet specifies the http request to perform. - - + + - + - + - - + + - + - + + + + + +
portint or stringdiskNamestring - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ diskName is the Name of the data disk in the blob storage
true
hostdiskURI string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ diskURI is the URI of data disk in the blob storage
falsetrue
httpHeaders[]objectcachingModestring - Custom headers to set in the request. HTTP allows repeated headers.
+ cachingMode is the Host Caching mode: None, Read Only, Read Write.
false
pathfsType string - Path to access on the HTTP server.
+ fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
schemekind string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
+
false
readOnlyboolean + readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststarthttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].azureFile +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -HTTPHeader describes a custom header to be used in HTTP probes +azureFile represents an Azure File Service mount on the host and bind mount to the pod. @@ -21118,32 +31181,37 @@ HTTPHeader describes a custom header to be used in HTTP probes - + - + + + + + +
namesecretName string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ secretName is the name of secret that contains Azure Storage Account Name and Key
true
valueshareName string - The header field value
+ shareName is the azure share Name
true
readOnlyboolean + readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.postStart.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecyclepoststart) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cephfs +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -21155,82 +31223,64 @@ lifecycle hooks will fail in runtime when tcp handler is specified. - - + + - + - -
portint or stringmonitors[]string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
true
hostpath string - Optional: Host name to connect to, defaults to the pod IP.
+ path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycle) - - - -PreStop is called immediately before a container is terminated due to an -API request or management event such as liveness/startup probe failure, -preemption, resource contention, etc. The handler is not called if the -container crashes or exits. The Pod's termination grace period countdown begins before the -PreStop hook is executed. Regardless of the outcome of the handler, the -container will eventually terminate within the Pod's termination grace -period (unless delayed by finalizers). Other management of the container blocks until the hook completes -or until the termination grace period is reached. -More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks - - - - - - - - - - - - - + + + - - + + - + + + + + +
NameTypeDescriptionRequired
execobject
readOnlyboolean - Exec specifies the action to take.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
httpGetobjectsecretFilestring - HTTPGet specifies the http request to perform.
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
tcpSocketsecretRef object - Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified.
+ secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
false
userstring + user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cephfs.secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexcephfs) -Exec specifies the action to take. +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -21242,26 +31292,25 @@ Exec specifies the action to take. - - + +
command[]stringnamestring - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cinder +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -HTTPGet specifies the http request to perform. +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -21273,54 +31322,80 @@ HTTPGet specifies the http request to perform. - - + + - + - - + + - - + + - - + +
portint or stringvolumeIDstring - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
true
hostfsType string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
httpHeaders[]objectreadOnlyboolean - Custom headers to set in the request. HTTP allows repeated headers.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
pathstringsecretRefobject - Path to access on the HTTP server.
+ secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
false
scheme
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cinder.secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexcinder) + + + +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack. + + + + + + + + + + + +
NameTypeDescriptionRequired
name string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestophttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].configMap +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -HTTPHeader describes a custom header to be used in HTTP probes +configMap represents a configMap that should populate this volume @@ -21332,32 +31407,59 @@ HTTPHeader describes a custom header to be used in HTTP probes + + + + + + + + + + - + - - + + - +
defaultModeinteger + defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
valuestringoptionalboolean - The header field value
+ optional specify whether the ConfigMap or its keys must be defined
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].lifecycle.preStop.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlifecycleprestop) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].configMap.items[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexconfigmap) -Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept -for the backward compatibility. There are no validation of this field and -lifecycle hooks will fail in runtime when tcp handler is specified. +Maps a string key to a path within a volume. @@ -21369,34 +31471,46 @@ lifecycle hooks will fail in runtime when tcp handler is specified. - - + + - + + + + + +
portint or stringkeystring - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ key is the key to project.
true
hostpath string - Optional: Host name to connect to, defaults to the pod IP.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].csi +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -Periodic probe of container liveness. -Container will be restarted if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). @@ -21408,112 +31522,63 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - + - - + + - + - - + + - - + +
execobject - Exec specifies the action to take.
-
false
failureThresholdinteger - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
-
- Format: int32
-
false
grpcobject - GRPC specifies an action involving a GRPC port.
-
false
httpGetobject - HTTPGet specifies the http request to perform.
-
false
initialDelaySecondsinteger - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
-
false
periodSecondsintegerdriverstring - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
-
- Format: int32
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
falsetrue
successThresholdintegerfsTypestring - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-
- Format: int32
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
false
tcpSocketnodePublishSecretRef object - TCPSocket specifies an action involving a TCP port.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
false
terminationGracePeriodSecondsintegerreadOnlyboolean - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-
- Format: int64
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
false
timeoutSecondsintegervolumeAttributesmap[string]string - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].csi.nodePublishSecretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexcsi) -Exec specifies the action to take. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed. @@ -21525,26 +31590,24 @@ Exec specifies the action to take. - - + +
command[]stringnamestring - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -GRPC specifies an action involving a GRPC port. +downwardAPI represents downward API about the pod that should populate this volume @@ -21556,35 +31619,38 @@ GRPC specifies an action involving a GRPC port. - + - + - - + +
portdefaultMode integer - Port number of the gRPC service. Number must be in the range 1 to 65535.
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
truefalse
servicestringitems[]object - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ Items is a list of downward API volume file
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI.items[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexdownwardapi) -HTTPGet specifies the http request to perform. +DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -21596,54 +31662,51 @@ HTTPGet specifies the http request to perform. - - - - - - + - + - - + + - - + + - - + +
portint or string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
-
true
hostpath string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
falsetrue
httpHeaders[]objectfieldRefobject - Custom headers to set in the request. HTTP allows repeated headers.
+ Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
false
pathstringmodeinteger - Path to access on the HTTP server.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
schemestringresourceFieldRefobject - Scheme to use for connecting to the host. -Defaults to HTTP.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI.items[index].fieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexdownwardapiitemsindex) -HTTPHeader describes a custom header to be used in HTTP probes +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. @@ -21655,66 +31718,30 @@ HTTPHeader describes a custom header to be used in HTTP probes - - - - - - + - - -
namestring - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
-
true
valuefieldPath string - The header field value
-
true
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].livenessProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexlivenessprobe) - - - -TCPSocket specifies an action involving a TCP port. - - - - - - - - - - - - - - - +
NameTypeDescriptionRequired
portint or string - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Path of the field to select in the specified API version.
true
hostapiVersion string - Optional: Host name to connect to, defaults to the pod IP.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].ports[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexdownwardapiitemsindex) -ContainerPort represents a network port in a single container. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. @@ -21726,66 +31753,37 @@ ContainerPort represents a network port in a single container. - - - - - - + - - - - - - + - + - - + +
containerPortinteger - Number of port to expose on the pod's IP address. -This must be a valid port number, 0 < x < 65536.
-
- Format: int32
-
true
hostIPresource string - What host IP to bind the external port to.
-
false
hostPortinteger - Number of port to expose on the host. -If specified, this must be a valid port number, 0 < x < 65536. -If HostNetwork is specified, this must match ContainerPort. -Most containers do not need this.
-
- Format: int32
+ Required: resource to select
falsetrue
namecontainerName string - If specified, this must be an IANA_SVC_NAME and unique within the pod. Each -named port in a pod must have a unique name. Name for the port that can be -referred to by services.
+ Container name: required for volumes, optional for env vars
false
protocolstringdivisorint or string - Protocol for port. Must be UDP, TCP, or SCTP. -Defaults to "TCP".
-
- Default: TCP
+ Specifies the output format of the exposed resources, defaults to "1"
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].emptyDir +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -Periodic probe of container service readiness. -Container will be removed from service endpoints if the probe fails. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -21797,112 +31795,64 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - + +
execobject - Exec specifies the action to take.
-
false
failureThresholdinteger - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
-
- Format: int32
-
false
grpcobject - GRPC specifies an action involving a GRPC port.
-
false
httpGetobject - HTTPGet specifies the http request to perform.
-
false
initialDelaySecondsinteger - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
-
false
periodSecondsinteger - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
-
- Format: int32
-
false
successThresholdinteger - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-
- Format: int32
-
false
tcpSocketobject - TCPSocket specifies an action involving a TCP port.
-
false
terminationGracePeriodSecondsintegermediumstring - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-
- Format: int64
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
timeoutSecondsintegersizeLimitint or string - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) + + + +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). -Exec specifies the action to take. +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time. @@ -21914,26 +31864,68 @@ Exec specifies the action to take. - - + +
command[]stringvolumeClaimTemplateobject - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeral) -GRPC specifies an action involving a GRPC port. +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. @@ -21945,35 +31937,37 @@ GRPC specifies an action involving a GRPC port. - - + + - - + +
portintegerspecobject - Port number of the gRPC service. Number must be in the range 1 to 65535.
-
- Format: int32
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
true
servicestringmetadataobject - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplate) -HTTPGet specifies the http request to perform. +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. @@ -21985,89 +31979,114 @@ HTTPGet specifies the http request to perform. - - + + - + - - + + - - + + - - + + - + + + + + + - -
portint or stringaccessModes[]string - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
truefalse
hoststringdataSourceobject - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
false
httpHeaders[]objectdataSourceRefobject - Custom headers to set in the request. HTTP allows repeated headers.
+ dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
false
pathstringresourcesobject - Path to access on the HTTP server.
+ resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
false
schemeselectorobject + selector is a label query over volumes to consider for binding.
+
false
storageClassName string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobehttpget) - - - -HTTPHeader describes a custom header to be used in HTTP probes - - - - - - - - - - - - + + - + - + - +
NameTypeDescriptionRequired
name
volumeMode string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
truefalse
valuevolumeName string - The header field value
+ volumeName is the binding reference to the PersistentVolume backing this claim.
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].readinessProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexreadinessprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.dataSource +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) -TCPSocket specifies an action involving a TCP port. +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. @@ -22079,31 +32098,60 @@ TCPSocket specifies an action involving a TCP port. - - + + - + + + + + +
portint or stringkindstring - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ Kind is the type of resource being referenced
true
hostname string - Optional: Host name to connect to, defaults to the pod IP.
+ Name is the name of resource being referenced
+
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].resizePolicy[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) -ContainerResizePolicy represents resource resize policy for the container. +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. @@ -22115,33 +32163,51 @@ ContainerResizePolicy represents resource resize policy for the container. - + - + + + + + + + + + + +
resourceNamekind string - Name of the resource to which this resource resize policy applies. -Supported values: cpu, memory.
+ Kind is the type of resource being referenced
true
restartPolicyname string - Restart policy to apply when specified resource is resized. -If not specified, it defaults to NotRequired.
+ Name is the name of resource being referenced
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
+
false
namespacestring + Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].resources -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.resources +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) -Compute Resources required by this container. -Cannot be updated. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -22153,7 +32219,7 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co - +
claimsclaims []object Claims lists the names of resources, defined in spec.resourceClaims, @@ -22189,8 +32255,8 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].resources.claims[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexresources) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespecresources) @@ -22218,14 +32284,12 @@ inside a container.
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.selector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) -SecurityContext defines the security options the container should be run with. -If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. -More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +selector is a label query over volumes to consider for binding. @@ -22237,138 +32301,134 @@ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-con - - + + - - + + - - - + +
allowPrivilegeEscalationbooleanmatchExpressions[]object - AllowPrivilegeEscalation controls whether a process can gain more -privileges than its parent process. This bool directly controls if -the no_new_privs flag will be set on the container process. -AllowPrivilegeEscalation is true always when the container is: -1) run as Privileged -2) has CAP_SYS_ADMIN -Note that this field cannot be set when spec.os.name is windows.
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
false
capabilitiesobjectmatchLabelsmap[string]string - The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
privilegedboolean
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespecselector) + + + +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. + + + + + + + + + + + + + - + - + - + - - + + - - - + +
NameTypeDescriptionRequired
keystring - Run container in privileged mode. -Processes in privileged containers are essentially equivalent to root on the host. -Defaults to false. -Note that this field cannot be set when spec.os.name is windows.
+ key is the label key that the selector applies to.
falsetrue
procMountoperator string - procMount denotes the type of proc mount to use for the containers. -The default is DefaultProcMount which uses the container runtime defaults for -readonly paths and masked paths. -This requires the ProcMountType feature flag to be enabled. -Note that this field cannot be set when spec.os.name is windows.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
readOnlyRootFilesystembooleanvalues[]string - Whether this container has a read-only root filesystem. -Default is false. -Note that this field cannot be set when spec.os.name is windows.
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
runAsGroupinteger
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.metadata +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplate) + + + +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. + + + + + + + + + + + + + - - - - - - - + + - - + + - - + + - - + +
NameTypeDescriptionRequired
annotationsmap[string]string - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.

- Format: int64
-
false
runAsNonRootboolean - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
false
runAsUserintegerfinalizers[]string - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.

- Format: int64
false
seLinuxOptionsobjectlabelsmap[string]string - The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows.
+
false
seccompProfileobjectnamestring - The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows.
+
false
windowsOptionsobjectnamespacestring - The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.capabilities -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].fc +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -The capabilities to add/drop when running containers. -Defaults to the default set of capabilities granted by the container runtime. -Note that this field cannot be set when spec.os.name is windows. +fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. @@ -22380,33 +32440,58 @@ Note that this field cannot be set when spec.os.name is windows. - + + + + + + + + + + + + + + + + - +
addfsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
luninteger + lun is Optional: FC target lun number
+
+ Format: int32
+
false
readOnlyboolean + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
targetWWNs []string - Added capabilities
+ targetWWNs is Optional: FC target worldwide names (WWNs)
false
dropwwids []string - Removed capabilities
+ wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.seLinuxOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].flexVolume +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -The SELinux context to be applied to the container. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is windows. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin. @@ -22418,46 +32503,61 @@ Note that this field cannot be set when spec.os.name is windows. - + - + - + - - + + - - + + + + + + +
leveldriver string - Level is SELinux level label that applies to the container.
+ driver is the name of the driver to use for this volume.
falsetrue
rolefsType string - Role is a SELinux role label that applies to the container.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
false
typestringoptionsmap[string]string - Type is a SELinux type label that applies to the container.
+ options is Optional: this field holds extra command options if any.
false
userstringreadOnlyboolean - User is a SELinux user label that applies to the container.
+ readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
secretRefobject + secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.seccompProfile -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].flexVolume.secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexflexvolume) -The seccomp options to use by this container. If seccomp options are -provided at both the pod & container level, the container options -override the pod options. -Note that this field cannot be set when spec.os.name is windows. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts. @@ -22469,41 +32569,24 @@ Note that this field cannot be set when spec.os.name is windows. - - - - - - +
typestring - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
-
true
localhostProfilename string - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].securityContext.windowsOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].flocker +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -The Windows specific settings applied to all containers. -If unspecified, the options from the PodSecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running @@ -22515,57 +32598,32 @@ Note that this field cannot be set when spec.os.name is linux. - - - - - - + - - - - - - +
gmsaCredentialSpecstring - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
-
false
gmsaCredentialSpecNamedatasetName string - GMSACredentialSpecName is the name of the GMSA credential spec to use.
-
false
hostProcessboolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
false
runAsUserNamedatasetUUID string - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].gcePersistentDisk +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -StartupProbe indicates that the Pod has successfully initialized. -If specified, no other probes are executed until this completes successfully. -If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. -This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, -when it might take a long time to load data or warm a cache, than during steady-state operation. -This cannot be updated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -22577,112 +32635,104 @@ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#cont - - - - - - - - - - - - - - - - - + + - + - - + + - + - - + + - - - + +
execobject - Exec specifies the action to take.
-
false
failureThresholdinteger - Minimum consecutive failures for the probe to be considered failed after having succeeded. -Defaults to 3. Minimum value is 1.
-
- Format: int32
-
false
grpcobject - GRPC specifies an action involving a GRPC port.
-
false
httpGetobjectpdNamestring - HTTPGet specifies the http request to perform.
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
falsetrue
initialDelaySecondsintegerfsTypestring - Number of seconds after the container has started before liveness probes are initiated. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
false
periodSecondspartition integer - How often (in seconds) to perform the probe. -Default to 10 seconds. Minimum value is 1.
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
false
successThresholdintegerreadOnlyboolean - Minimum consecutive successes for the probe to be considered successful after having failed. -Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.
-
- Format: int32
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false
tcpSocketobject
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].gitRepo +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) + + + +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container. + + + + + + + + + + + + + - + - - + + - - + +
NameTypeDescriptionRequired
repositorystring - TCPSocket specifies an action involving a TCP port.
+ repository is the URL
falsetrue
terminationGracePeriodSecondsintegerdirectorystring - Optional duration in seconds the pod needs to terminate gracefully upon probe failure. -The grace period is the duration in seconds after the processes running in the pod are sent -a termination signal and the time when the processes are forcibly halted with a kill signal. -Set this value longer than the expected cleanup time for your process. -If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this -value overrides the value provided by the pod spec. -Value must be non-negative integer. The value zero indicates stop immediately via -the kill signal (no opportunity to shut down). -This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. -Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.
-
- Format: int64
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
false
timeoutSecondsintegerrevisionstring - Number of seconds after which the probe times out. -Defaults to 1 second. Minimum value is 1. -More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
-
- Format: int32
+ revision is the commit hash for the specified revision.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.exec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].glusterfs +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -Exec specifies the action to take. +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md @@ -22694,26 +32744,47 @@ Exec specifies the action to take. - - + + + + + + + + + + + +
command[]stringendpointsstring - Command is the command line to execute inside the container, the working directory for the -command is root ('/') in the container's filesystem. The command is simply exec'd, it is -not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use -a shell, you need to explicitly call out to that shell. -Exit status of 0 is treated as live/healthy and non-zero is unhealthy.
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
true
pathstring + path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+
true
readOnlyboolean + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.grpc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].hostPath +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -GRPC specifies an action involving a GRPC port. +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write. @@ -22725,35 +32796,35 @@ GRPC specifies an action involving a GRPC port. - - + + - +
portintegerpathstring - Port number of the gRPC service. Number must be in the range 1 to 65535.
-
- Format: int32
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
true
servicetype string - Service is the name of the service to place in the gRPC HealthCheckRequest -(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). - - -If this is not specified, the default behavior is defined by gRPC.
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.httpGet -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].iscsi +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -HTTPGet specifies the http request to perform. +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -22765,54 +32836,104 @@ HTTPGet specifies the http request to perform. - - + + - + + + + + + + + + + + - - + + - + - + + + + + + + + + + + + + + + + + + + + +
portint or stringiqnstring - Name or number of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ iqn is the target iSCSI Qualified Name.
true
hostluninteger + lun represents iSCSI Target Lun number.
+
+ Format: int32
+
true
targetPortal string - Host name to connect to, defaults to the pod IP. You probably want to set -"Host" in httpHeaders instead.
+ targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
+
true
chapAuthDiscoveryboolean + chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
false
httpHeaders[]objectchapAuthSessionboolean - Custom headers to set in the request. HTTP allows repeated headers.
+ chapAuthSession defines whether support iSCSI Session CHAP authentication
false
pathfsType string - Path to access on the HTTP server.
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi +TODO: how do we prevent errors in the filesystem from compromising the machine
false
schemeinitiatorName string - Scheme to use for connecting to the host. -Defaults to HTTP.
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
+
false
iscsiInterfacestring + iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
+
false
portals[]string + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
+
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
+
false
secretRefobject + secretRef is the CHAP Secret for iSCSI target and initiator authentication
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.httpGet.httpHeaders[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobehttpget) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].iscsi.secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexiscsi) -HTTPHeader describes a custom header to be used in HTTP probes +secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -22827,27 +32948,69 @@ HTTPHeader describes a custom header to be used in HTTP probes + + +
name string - The header field name. -This will be canonicalized upon output, so case-variant names will be understood as the same header.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].nfs +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) + + + +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + + + + + + + + + + + + + + - + + + + + +
NameTypeDescriptionRequired
pathstring + path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
true
valueserver string - The header field value
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
true
readOnlyboolean + readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].startupProbe.tcpSocket -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindexstartupprobe) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].persistentVolumeClaim +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -TCPSocket specifies an action involving a TCP port. +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims @@ -22859,31 +33022,31 @@ TCPSocket specifies an action involving a TCP port. - - + + - - + +
portint or stringclaimNamestring - Number or name of the port to access on the container. -Number must be in the range 1 to 65535. -Name must be an IANA_SVC_NAME.
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
true
hoststringreadOnlyboolean - Optional: Host name to connect to, defaults to the pod IP.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].volumeDevices[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].photonPersistentDisk +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -volumeDevice describes a mapping of a raw block device within a container. +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine @@ -22895,29 +33058,31 @@ volumeDevice describes a mapping of a raw block device within a container. - + - + - +
devicePathpdID string - devicePath is the path inside of the container that the device will be mapped to.
+ pdID is the ID that identifies Photon Controller persistent disk
true
namefsType string - name must match the name of a persistentVolumeClaim in the pod
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.initContainers[index].volumeMounts[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecinitcontainersindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].portworxVolume +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -VolumeMount describes a mounting of a Volume within a container. +portworxVolume represents a portworx volume attached and mounted on kubelets host machine @@ -22929,95 +33094,39 @@ VolumeMount describes a mounting of a Volume within a container. - - - - - - + - + - - - - - - - - - -
mountPathstring - Path within the container at which the volume should be mounted. Must -not contain ':'.
-
true
namevolumeID string - This must match the Name of a Volume.
+ volumeID uniquely identifies a Portworx volume
true
mountPropagationfsType string - mountPropagation determines how mounts are propagated from the host -to container and the other way around. -When not set, MountPropagationNone is used. -This field is beta in 1.10.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
false
readOnly boolean - Mounted read-only if true, read-write otherwise (false or unspecified). -Defaults to false.
-
false
subPathstring - Path within the volume from which the container's volume should be mounted. -Defaults to "" (volume's root).
-
false
subPathExprstring - Expanded path within the volume from which the container's volume should be mounted. -Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. -Defaults to "" (volume's root). -SubPathExpr and SubPath are mutually exclusive.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.os -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) - - - -Specifies the OS of the containers in the pod. -Some pod and container fields are restricted if this is set. - +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -If the OS field is set to linux, the following fields must be unset: --securityContext.windowsOptions -If the OS field is set to windows, following fields must be unset: -- spec.hostPID -- spec.hostIPC -- spec.hostUsers -- spec.securityContext.seLinuxOptions -- spec.securityContext.seccompProfile -- spec.securityContext.fsGroup -- spec.securityContext.fsGroupChangePolicy -- spec.securityContext.sysctls -- spec.shareProcessNamespace -- spec.securityContext.runAsUser -- spec.securityContext.runAsGroup -- spec.securityContext.supplementalGroups -- spec.containers[*].securityContext.seLinuxOptions -- spec.containers[*].securityContext.seccompProfile -- spec.containers[*].securityContext.capabilities -- spec.containers[*].securityContext.readOnlyRootFilesystem -- spec.containers[*].securityContext.privileged -- spec.containers[*].securityContext.allowPrivilegeEscalation -- spec.containers[*].securityContext.procMount -- spec.containers[*].securityContext.runAsUser -- spec.containers[*].securityContext.runAsGroup +projected items for all in one resources secrets, configmaps, and downward API @@ -23029,25 +33138,36 @@ If the OS field is set to windows, following fields must be unset: - - + + - + + + + + +
namestringdefaultModeinteger - Name is the name of the operating system. The currently supported values are linux and windows. -Additional value may be defined in future and can be one of: -https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration -Clients should expect to handle additional values and treat unrecognized values in this field as os: null
+ defaultMode are the mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
truefalse
sources[]object + sources is the list of volume projections
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.readinessGates[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojected) -PodReadinessGate contains the reference to a pod condition +Projection that may be projected along with other supported volume types @@ -23059,24 +33179,43 @@ PodReadinessGate contains the reference to a pod condition - - + + - + + + + + + + + + + + + + + + +
conditionTypestringconfigMapobject - ConditionType refers to a condition in the pod's condition list with matching type.
+ configMap information about the configMap data to project
truefalse
downwardAPIobject + downwardAPI information about the downwardAPI data to project
+
false
secretobject + secret information about the secret data to project
+
false
serviceAccountTokenobject + serviceAccountToken is information about the serviceAccountToken data to project
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.resourceClaims[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].configMap +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) -PodResourceClaim references exactly one ResourceClaim through a ClaimSource. -It adds a name to it that uniquely identifies the ResourceClaim inside the Pod. -Containers that need access to the ResourceClaim reference it with this name. +configMap information about the configMap data to project @@ -23088,30 +33227,44 @@ Containers that need access to the ResourceClaim reference it with this name. + + + + + - + - - + +
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
name string - Name uniquely identifies this resource claim inside the pod. -This must be a DNS_LABEL.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
sourceobjectoptionalboolean - Source describes where to find the ResourceClaim.
+ optional specify whether the ConfigMap or its keys must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.resourceClaims[index].source -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecresourceclaimsindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].configMap.items[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexconfigmap) -Source describes where to find the ResourceClaim. +Maps a string key to a path within a volume. @@ -23123,43 +33276,46 @@ Source describes where to find the ResourceClaim. - + - + - + + + + + +
resourceClaimNamekey string - ResourceClaimName is the name of a ResourceClaim object in the same -namespace as this pod.
+ key is the key to project.
falsetrue
resourceClaimTemplateNamepath string - ResourceClaimTemplateName is the name of a ResourceClaimTemplate -object in the same namespace as this pod. - - -The template will be used to create a new ResourceClaim, which will -be bound to this pod. When this pod is deleted, the ResourceClaim -will also be deleted. The pod name and resource name, along with a -generated component, will be used to form a unique name for the -ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses. - - -This field is immutable and no changes will be made to the -corresponding ResourceClaim by the control plane after creating the -ResourceClaim.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
+
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.schedulingGates[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) -PodSchedulingGate is associated to a Pod to guard its scheduling. +downwardAPI information about the downwardAPI data to project @@ -23171,24 +33327,22 @@ PodSchedulingGate is associated to a Pod to guard its scheduling. - - + + - +
namestringitems[]object - Name of the scheduling gate. -Each scheduling gate must have a unique name field.
+ Items is a list of DownwardAPIVolume file
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI.items[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexdownwardapi) -SecurityContext holds pod-level security attributes and common container settings. -Optional: Defaults to empty. See type description for default values of each field. +DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -23200,145 +33354,86 @@ Optional: Defaults to empty. See type description for default values of each fi - - - - - - + - - - - - - + - - + + - + - - - - - - + - - - - - - - - + +
fsGroupinteger - A special supplemental group that applies to all containers in a pod. -Some volume types allow the Kubelet to change the ownership of that volume -to be owned by the pod: - - -1. The owning GID will be the FSGroup -2. The setgid bit is set (new files created in the volume will be owned by FSGroup) -3. The permission bits are OR'd with rw-rw---- - - -If unset, the Kubelet will not modify the ownership and permissions of any volume. -Note that this field cannot be set when spec.os.name is windows.
-
- Format: int64
-
false
fsGroupChangePolicypath string - fsGroupChangePolicy defines behavior of changing ownership and permission of the volume -before being exposed inside Pod. This field will only apply to -volume types which support fsGroup based ownership(and permissions). -It will have no effect on ephemeral volume types such as: secret, configmaps -and emptydir. -Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. -Note that this field cannot be set when spec.os.name is windows.
-
false
runAsGroupinteger - The GID to run the entrypoint of the container process. -Uses runtime default if unset. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows.
-
- Format: int64
+ Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
falsetrue
runAsNonRootbooleanfieldRefobject - Indicates that the container must run as a non-root user. -If true, the Kubelet will validate the image at runtime to ensure that it -does not run as UID 0 (root) and fail to start the container if it does. -If unset or false, no such validation will be performed. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
false
runAsUsermode integer - The UID to run the entrypoint of the container process. -Defaults to user specified in image metadata if unspecified. -May also be set in SecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence -for that container. -Note that this field cannot be set when spec.os.name is windows.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

- Format: int64
-
false
seLinuxOptionsobject - The SELinux context to be applied to all containers. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in SecurityContext. If set in -both SecurityContext and PodSecurityContext, the value specified in SecurityContext -takes precedence for that container. -Note that this field cannot be set when spec.os.name is windows.
+ Format: int32
false
seccompProfileresourceFieldRef object - The seccomp options to use by the containers in this pod. -Note that this field cannot be set when spec.os.name is windows.
-
false
supplementalGroups[]integer - A list of groups applied to the first process run in each container, in addition -to the container's primary GID, the fsGroup (if specified), and group memberships -defined in the container image for the uid of the container process. If unspecified, -no additional groups are added to any container. Note that group memberships -defined in the container image for the uid of the container process are still effective, -even if they are not included in this list. -Note that this field cannot be set when spec.os.name is windows.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
sysctls[]object
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI.items[index].fieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexdownwardapiitemsindex) + + + +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. + + + + + + + + + + + + + - + - - + +
NameTypeDescriptionRequired
fieldPathstring - Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported -sysctls (by the container runtime) might fail to launch. -Note that this field cannot be set when spec.os.name is windows.
+ Path of the field to select in the specified API version.
falsetrue
windowsOptionsobjectapiVersionstring - The Windows specific settings applied to all containers. -If unspecified, the options within a container's SecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.seLinuxOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexdownwardapiitemsindex) -The SELinux context to be applied to all containers. -If unspecified, the container runtime will allocate a random SELinux context for each -container. May also be set in SecurityContext. If set in -both SecurityContext and PodSecurityContext, the value specified in SecurityContext -takes precedence for that container. -Note that this field cannot be set when spec.os.name is windows. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. @@ -23350,44 +33445,36 @@ Note that this field cannot be set when spec.os.name is windows. - - - - - - + - + - + - - + +
levelstring - Level is SELinux level label that applies to the container.
-
false
roleresource string - Role is a SELinux role label that applies to the container.
+ Required: resource to select
falsetrue
typecontainerName string - Type is a SELinux type label that applies to the container.
+ Container name: required for volumes, optional for env vars
false
userstringdivisorint or string - User is a SELinux user label that applies to the container.
+ Specifies the output format of the exposed resources, defaults to "1"
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.seccompProfile -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].secret +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) -The seccomp options to use by the containers in this pod. -Note that this field cannot be set when spec.os.name is windows. +secret information about the secret data to project @@ -23399,38 +33486,44 @@ Note that this field cannot be set when spec.os.name is windows. - + + + + + + - + - - + +
typeitems[]object + items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
name string - type indicates which kind of seccomp profile will be applied. -Valid options are: - - -Localhost - a profile defined in a file on the node should be used. -RuntimeDefault - the container runtime default profile should be used. -Unconfined - no profile should be applied.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
localhostProfilestringoptionalboolean - localhostProfile indicates a profile defined in a file on the node should be used. -The profile must be preconfigured on the node to work. -Must be a descending path, relative to the kubelet's configured seccomp profile location. -Must be set if type is "Localhost". Must NOT be set for any other type.
+ optional field specify whether the Secret or its key must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.sysctls[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].secret.items[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexsecret) -Sysctl defines a kernel parameter to be set +Maps a string key to a path within a volume. @@ -23442,32 +33535,46 @@ Sysctl defines a kernel parameter to be set - + - + + + + + +
namekey string - Name of a property to set
+ key is the key to project.
true
valuepath string - Value of a property to set
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
true
modeinteger + mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.securityContext.windowsOptions -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecsecuritycontext) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].serviceAccountToken +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) -The Windows specific settings applied to all containers. -If unspecified, the options within a container's SecurityContext will be used. -If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. -Note that this field cannot be set when spec.os.name is linux. +serviceAccountToken is information about the serviceAccountToken data to project @@ -23479,52 +33586,47 @@ Note that this field cannot be set when spec.os.name is linux. - + - + - + - - - - - - - + +
gmsaCredentialSpecpath string - GMSACredentialSpec is where the GMSA admission webhook -(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the -GMSA credential spec named by the GMSACredentialSpecName field.
+ path is the path relative to the mount point of the file to project the +token into.
falsetrue
gmsaCredentialSpecNameaudience string - GMSACredentialSpecName is the name of the GMSA credential spec to use.
-
false
hostProcessboolean - HostProcess determines if a container should be run as a 'Host Process' container. -All of a Pod's containers must have the same effective HostProcess value -(it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). -In addition, if HostProcess is true then HostNetwork must also be set to true.
+ audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
false
runAsUserNamestringexpirationSecondsinteger - The UserName in Windows to run the entrypoint of the container process. -Defaults to the user specified in image metadata if unspecified. -May also be set in PodSecurityContext. If set in both SecurityContext and -PodSecurityContext, the value specified in SecurityContext takes precedence.
+ expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.
+
+ Format: int64
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.tolerations[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].quobyte +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -The pod this Toleration is attached to tolerates any taint that matches -the triple using the matching operator . +quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -23536,61 +33638,64 @@ the triple using the matching operator . - + - + - + - + - + - - + + - + + + + + +
effectregistry string - Effect indicates the taint effect to match. Empty means match all taint effects. -When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
falsetrue
keyvolume string - Key is the taint key that the toleration applies to. Empty means match all taint keys. -If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ volume is a string that references an already created Quobyte volume by name.
falsetrue
operatorgroup string - Operator represents a key's relationship to the value. -Valid operators are Exists and Equal. Defaults to Equal. -Exists is equivalent to wildcard for value, so that a pod can -tolerate all taints of a particular category.
+ group to map volume access to +Default is no group
false
tolerationSecondsintegerreadOnlyboolean - TolerationSeconds represents the period of time the toleration (which must be -of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, -it is not set, which means tolerate the taint forever (do not evict). Zero and -negative values will be treated as 0 (evict immediately) by the system.
-
- Format: int64
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
false
valuetenant string - Value is the taint value the toleration matches to. -If the operator is Exists, the value should be empty, otherwise just a regular string.
+ tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
false
userstring + user to map volume access to +Defaults to serivceaccount user
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.topologySpreadConstraints[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].rbd +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -TopologySpreadConstraint specifies how to spread matching pods among the given topology. +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md @@ -23602,168 +33707,91 @@ TopologySpreadConstraint specifies how to spread matching pods among the given t - - + + - - + + - + - + - - + + - - + + - - + + - - + + - +
maxSkewintegerimagestring - MaxSkew describes the degree to which pods may be unevenly distributed. -When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference -between the number of matching pods in the target topology and the global minimum. -The global minimum is the minimum number of matching pods in an eligible domain -or zero if the number of eligible domains is less than MinDomains. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 2/2/1: -In this case, the global minimum is 1. -| zone1 | zone2 | zone3 | -| P P | P P | P | -- if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; -scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) -violate MaxSkew(1). -- if MaxSkew is 2, incoming pod can be scheduled onto any zone. -When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence -to topologies that satisfy it. -It's a required field. Default value is 1 and 0 is not allowed.
-
- Format: int32
+ image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
true
topologyKeystringmonitors[]string - TopologyKey is the key of node labels. Nodes that have a label with this key -and identical values are considered to be in the same topology. -We consider each as a "bucket", and try to put balanced number -of pods into each bucket. -We define a domain as a particular instance of a topology. -Also, we define an eligible domain as a domain whose nodes meet the requirements of -nodeAffinityPolicy and nodeTaintsPolicy. -e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. -And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. -It's a required field.
+ monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
true
whenUnsatisfiablefsType string - WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy -the spread constraint. -- DoNotSchedule (default) tells the scheduler not to schedule it. -- ScheduleAnyway tells the scheduler to schedule the pod in any location, - but giving higher precedence to topologies that would help reduce the - skew. -A constraint is considered "Unsatisfiable" for an incoming pod -if and only if every possible node assignment for that pod would violate -"MaxSkew" on some topology. -For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same -labelSelector spread as 3/1/1: -| zone1 | zone2 | zone3 | -| P P P | P | P | -If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled -to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies -MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler -won't make it *more* imbalanced. -It's a required field.
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
truefalse
labelSelectorobjectkeyringstring - LabelSelector is used to find matching pods. -Pods that match this label selector are counted to determine the number of pods -in their corresponding topology domain.
+ keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
matchLabelKeys[]stringpoolstring - MatchLabelKeys is a set of pod label keys to select the pods over which -spreading will be calculated. The keys are used to lookup values from the -incoming pod labels, those key-value labels are ANDed with labelSelector -to select the group of existing pods over which spreading will be calculated -for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. -MatchLabelKeys cannot be set when LabelSelector isn't set. -Keys that don't exist in the incoming pod labels will -be ignored. A null or empty list means only match against labelSelector. - - -This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).
+ pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
minDomainsintegerreadOnlyboolean - MinDomains indicates a minimum number of eligible domains. -When the number of eligible domains with matching topology keys is less than minDomains, -Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. -And when the number of eligible domains with matching topology keys equals or greater than minDomains, -this value has no effect on scheduling. -As a result, when the number of eligible domains is less than minDomains, -scheduler won't schedule more than maxSkew Pods to those domains. -If value is nil, the constraint behaves as if MinDomains is equal to 1. -Valid values are integers greater than 0. -When value is not nil, WhenUnsatisfiable must be DoNotSchedule. - - -For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same -labelSelector spread as 2/2/2: -| zone1 | zone2 | zone3 | -| P P | P P | P P | -The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. -In this situation, new pod with the same labelSelector cannot be scheduled, -because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, -it will violate MaxSkew. - - -This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).
-
- Format: int32
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
nodeAffinityPolicystringsecretRefobject - NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector -when calculating pod topology spread skew. Options are: -- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. -- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. - - -If this value is nil, the behavior is equivalent to the Honor policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
nodeTaintsPolicyuser string - NodeTaintsPolicy indicates how we will treat node taints when calculating -pod topology spread skew. Options are: -- Honor: nodes without taints, along with tainted nodes for which the incoming pod -has a toleration, are included. -- Ignore: node taints are ignored. All nodes are included. - - -If this value is nil, the behavior is equivalent to the Ignore policy. -This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag.
+ user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.topologySpreadConstraints[index].labelSelector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespectopologyspreadconstraintsindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].rbd.secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexrbd) -LabelSelector is used to find matching pods. -Pods that match this label selector are counted to determine the number of pods -in their corresponding topology domain. +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -23775,32 +33803,24 @@ in their corresponding topology domain. - - - - - - - + +
matchExpressions[]object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
-
false
matchLabelsmap[string]stringnamestring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.topologySpreadConstraints[index].labelSelector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespectopologyspreadconstraintsindexlabelselector) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].scaleIO +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. @@ -23812,326 +33832,332 @@ relates the key and values. - + - - + + - - - - - -
keygateway string - key is the label key that the selector applies to.
+ gateway is the host address of the ScaleIO API Gateway.
true
operatorstringsecretRefobject - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
-
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespec) - - - -Volume represents a named volume in a pod that may be accessed by any container in the pod. - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - + + - - + + - - - + + - - + + - - + + - - + + - - - + +
NameTypeDescriptionRequired
namesystem string - name of the volume. -Must be a DNS_LABEL and unique within the pod. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ system is the name of the storage system as configured in ScaleIO.
true
awsElasticBlockStoreobject - awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
-
false
azureDiskobject - azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
-
false
azureFileobject - azureFile represents an Azure File Service mount on the host and bind mount to the pod.
-
false
cephfsobject - cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
-
false
cinderobject - cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
false
configMapobject - configMap represents a configMap that should populate this volume
-
false
csiobject - csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
-
false
downwardAPIobject - downwardAPI represents downward API about the pod that should populate this volume
-
false
emptyDirobjectfsTypestring - emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
false
ephemeralobjectprotectionDomainstring - ephemeral represents a volume that is handled by a cluster storage driver. -The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, -and deleted when the pod is removed. - - -Use this if: -a) the volume is only needed while the pod runs, -b) features of normal volumes like restoring from snapshot or capacity - tracking are needed, -c) the storage driver is specified through a storage class, and -d) the storage driver supports dynamic volume provisioning through - a PersistentVolumeClaim (see EphemeralVolumeSource for more - information on the connection between this volume type - and PersistentVolumeClaim). - - -Use PersistentVolumeClaim or one of the vendor-specific -APIs for volumes that persist for longer than the lifecycle -of an individual pod. - - -Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to -be used that way - see the documentation of the driver for -more information. - - -A pod can use both types of ephemeral volumes and -persistent volumes at the same time.
+ protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
false
fcobjectreadOnlyboolean - fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
flexVolumeobject - flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin.
+
sslEnabledboolean + sslEnabled Flag enable/disable SSL communication with Gateway, default false
false
flockerobjectstorageModestring - flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
false
gcePersistentDiskobjectstoragePoolstring - gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ storagePool is the ScaleIO Storage Pool associated with the protection domain.
false
gitRepoobjectvolumeNamestring - gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container.
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
false
glusterfsobject
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].scaleIO.secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexscaleio) + + + +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail. + + + + + + + + + + + + + - - - + +
NameTypeDescriptionRequired
namestring - glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
hostPathobject
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].secret +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) + + + +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + + + + + + + + + + + + + - - + + - - + + - - + + - - - + +
NameTypeDescriptionRequired
defaultModeinteger - hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write.
+ defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
iscsiobjectitems[]object - iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md
+ items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
false
nfsobjectoptionalboolean - nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ optional field specify whether the Secret or its keys must be defined
false
persistentVolumeClaimobjectsecretNamestring - persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
false
photonPersistentDiskobject
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].secret.items[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexsecret) + + + +Maps a string key to a path within a volume. + + + + + + + + + + + + + - + - - + + - + - - + + - - - + +
NameTypeDescriptionRequired
keystring - photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+ key is the key to project.
falsetrue
portworxVolumeobjectpathstring - portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
falsetrue
projectedobjectmodeinteger - projected items for all in one resources secrets, configmaps, and downward API
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
quobyteobject
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].storageos +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) + + + +storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. + + + + + + + + + + + + + - - + + - + - - + + - - + + - - - + +
NameTypeDescriptionRequired
fsTypestring - quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
rbdobjectreadOnlyboolean - rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
scaleIOsecretRef object - scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
false
secretobjectvolumeNamestring - secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
false
storageosobjectvolumeNamespacestring - storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
false
vsphereVolumeobject
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].storageos.secretRef +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexstorageos) + + + +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted. + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring - vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].awsElasticBlockStore +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].vsphereVolume [↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) -awsElasticBlockStore represents an AWS Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine @@ -24143,54 +34169,55 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst - + - - + + - - + +
volumeIDvolumePath string - volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ volumePath is the path that identifies vSphere volume vmdk
true
fsType string - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore -TODO: how do we prevent errors in the filesystem from compromising the machine
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
partitionintegerstoragePolicyIDstring - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
-
- Format: int32
+ storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
false
readOnlybooleanstoragePolicyNamestring - readOnly value true will force the readOnly setting in VolumeMounts. -More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+ storagePolicyName is the storage Policy Based Management (SPBM) profile name.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].azureDisk -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespec) -azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. +Specifies the policy of handling failed pods. In particular, it allows to +specify the set of actions and conditions which need to be +satisfied to take the associated action. +If empty, the default behaviour applies - the counter of failed pods, +represented by the jobs's .status.failed field, is incremented and it is +checked against the backoffLimit. This field cannot be used in combination +with restartPolicy=OnFailure. + + +This field is beta-level. It can be used when the `JobPodFailurePolicy` +feature gate is enabled (enabled by default). @@ -24202,60 +34229,146 @@ azureDisk represents an Azure Data Disk mount on the host and bind mount to the - - + + - - + +
diskNamestringrules[]object - diskName is the Name of the data disk in the blob storage
+ A list of pod failure policy rules. The rules are evaluated in order. +Once a rule matches a Pod failure, the remaining of the rules are ignored. +When no rule matches the Pod failure, the default handling applies - the +counter of pod failures is incremented and it is checked against +the backoffLimit. At most 20 elements are allowed.
true
diskURI
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy.rules[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecpodfailurepolicy) + + + +PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. +One of onExitCodes and onPodConditions, but not both, can be used in each rule. + + + + + + + + + + + + - - + + - - + + - - + +
NameTypeDescriptionRequired
action string - diskURI is the URI of data disk in the blob storage
+ Specifies the action taken on a pod failure when the requirements are satisfied. +Possible values are: + + +- FailJob: indicates that the pod's job is marked as Failed and all + running pods are terminated. +- FailIndex: indicates that the pod's index is marked as Failed and will + not be restarted. + This value is alpha-level. It can be used when the + `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default). +- Ignore: indicates that the counter towards the .backoffLimit is not + incremented and a replacement pod is created. +- Count: indicates that the pod is handled in the default way - the + counter towards the .backoffLimit is incremented. +Additional values are considered to be added in the future. Clients should +react to an unknown action by skipping the rule.
true
cachingModestringonExitCodesobject - cachingMode is the Host Caching mode: None, Read Only, Read Write.
+ Represents the requirement on the container exit codes.
false
fsTypestringonPodConditions[]object - fsType is Filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ Represents the requirement on the pod conditions. The requirement is represented +as a list of pod condition patterns. The requirement is satisfied if at +least one pattern matches an actual pod condition. At most 20 elements are allowed.
false
kind
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy.rules[index].onExitCodes +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecpodfailurepolicyrulesindex) + + + +Represents the requirement on the container exit codes. + + + + + + + + + + + + - + - - + + + + + + +
NameTypeDescriptionRequired
operator string - kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
+ Represents the relationship between the container exit code(s) and the +specified values. Containers completed with success (exit code 0) are +excluded from the requirement check. Possible values are: + + +- In: the requirement is satisfied if at least one container exit code + (might be multiple if there are multiple containers not restricted + by the 'containerName' field) is in the set of specified values. +- NotIn: the requirement is satisfied if at least one container exit code + (might be multiple if there are multiple containers not restricted + by the 'containerName' field) is not in the set of specified values. +Additional values are considered to be added in the future. Clients should +react to an unknown operator by assuming the requirement is not satisfied.
falsetrue
readOnlybooleanvalues[]integer - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ Specifies the set of values. Each returned container exit code (might be +multiple in case of multiple containers) is checked against this set of +values with respect to the operator. The list of values must be ordered +and must not contain duplicates. Value '0' cannot be used for the In operator. +At least one element is required. At most 255 elements are allowed.
+
true
containerNamestring + Restricts the check for exit codes to the container with the +specified name. When null, the rule applies to all containers. +When specified, it should match one the container or initContainer +names in the pod template.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].azureFile -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy.rules[index].onPodConditions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecpodfailurepolicyrulesindex) -azureFile represents an Azure File Service mount on the host and bind mount to the pod. +PodFailurePolicyOnPodConditionsPattern describes a pattern for matching +an actual pod condition type. @@ -24267,37 +34380,71 @@ azureFile represents an Azure File Service mount on the host and bind mount to t - + - + + +
secretNamestatus string - secretName is the name of secret that contains Azure Storage Account Name and Key
+ Specifies the required Pod condition status. To match a pod condition +it is required that the specified status equals the pod condition status. +Defaults to True.
true
shareNametype string - shareName is the azure share Name
+ Specifies the required Pod condition type. To match a pod condition +it is required that specified type equals the pod condition type.
true
+ + +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.selector +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespec) + + + +A label query over pods that should match the pod count. +Normally, the system sets this field for you. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors + + + + + + + + + + + + + + + - - + +
NameTypeDescriptionRequired
matchExpressions[]object + matchExpressions is a list of label selector requirements. The requirements are ANDed.
+
false
readOnlybooleanmatchLabelsmap[string]string - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cephfs -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.selector.matchExpressions[index] +[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecselector) -cephFS represents a Ceph FS mount on the host that shares a pod's lifetime +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -24309,64 +34456,41 @@ cephFS represents a Ceph FS mount on the host that shares a pod's lifetime - - - - - - + - - - - - - + - + - - - - - - + - - + +
monitors[]string - monitors is Required: Monitors is a collection of Ceph monitors -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
true
pathkey string - path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
-
false
readOnlyboolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ key is the label key that the selector applies to.
falsetrue
secretFileoperator string - secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-
false
secretRefobject - secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
falsetrue
userstringvalues[]string - user is optional: User is the rados user name, default is admin -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cephfs.secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexcephfs) +### RemoteMachine.spec.sshKeyRef +[↩ Parent](#remotemachinespec) -secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. -More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it +SSHKeyRef is a reference to a secret that contains the SSH private key. +The key must be placed on the secret using the key "value". @@ -24381,22 +34505,19 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - +
name string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Name is the name of the secret.
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cinder -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### RemoteMachine.status +[↩ Parent](#remotemachine) -cinder represents a cinder volume attached and mounted on kubelets host machine. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md +RemoteMachineStatus defines the observed state of RemoteMachine @@ -24408,51 +34529,38 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md - + - + - + - + - - - - -
volumeIDfailureMessage string - volumeID used to identify the volume in cinder. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
truefalse
fsTypefailureReason string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
readOnlyready boolean - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts. -More info: https://examples.k8s.io/mysql-cinder-pd/README.md
-
false
secretRefobject - secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack.
+ Ready denotes that the remote machine is ready to be used.
false
+## RemoteMachineTemplate +[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) + + + -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].cinder.secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexcinder) -secretRef is optional: points to a secret object containing parameters used to connect -to OpenStack. @@ -24464,24 +34572,39 @@ to OpenStack. - - + + + + + + + + + + + + + + + + + + +
namestringapiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringRemoteMachineTemplatetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].configMap -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### RemoteMachineTemplate.spec +[↩ Parent](#remotemachinetemplate) + -configMap represents a configMap that should populate this volume @@ -24493,59 +34616,22 @@ configMap represents a configMap that should populate this volume - - + + - - - - - - - - - - - - - - - - +
defaultModeintegertemplateobject - defaultMode is optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.

- Format: int32
-
false
items[]object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
-
false
namestring - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
-
false
optionalboolean - optional specify whether the ConfigMap or its keys must be defined
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].configMap.items[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexconfigmap) +### RemoteMachineTemplate.spec.template +[↩ Parent](#remotemachinetemplatespec) + -Maps a string key to a path within a volume. @@ -24557,46 +34643,29 @@ Maps a string key to a path within a volume. - - - - - - - + + - + - - + +
keystring - key is the key to project.
-
true
pathstringmetadataobject - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+
truefalse
modeintegerspecobject - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.

- Format: int32
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].csi -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### RemoteMachineTemplate.spec.template.metadata +[↩ Parent](#remotemachinetemplatespectemplate) + -csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). @@ -24608,63 +34677,50 @@ csi (Container Storage Interface) represents ephemeral storage that is handled b - - + + - + - - + + - - + + - - + + - - + +
driverstringannotationsmap[string]string - driver is the name of the CSI driver that handles this volume. -Consult with your admin for the correct name as registered in the cluster.
+
truefalse
fsTypestringfinalizers[]string - fsType to mount. Ex. "ext4", "xfs", "ntfs". -If not provided, the empty value is passed to the associated CSI driver -which will determine the default filesystem to apply.
+
false
nodePublishSecretRefobjectlabelsmap[string]string - nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed.
+
false
readOnlybooleannamestring - readOnly specifies a read-only configuration for the volume. -Defaults to false (read/write).
+
false
volumeAttributesmap[string]stringnamespacestring - volumeAttributes stores driver-specific properties that are passed to the CSI -driver. Consult your driver's documentation for supported values.
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].csi.nodePublishSecretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexcsi) +### RemoteMachineTemplate.spec.template.spec +[↩ Parent](#remotemachinetemplatespectemplate) + -nodePublishSecretRef is a reference to the secret object containing -sensitive information to pass to the CSI driver to complete the CSI -NodePublishVolume and NodeUnpublishVolume calls. -This field is optional, and may be empty if no secret is required. If the -secret object contains more than one secret, all secret references are passed. @@ -24676,24 +34732,88 @@ secret object contains more than one secret, all secret references are passed. - + + + +
namepool string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+
+
true
+ +# k0smotron.io/v1beta1 + +Resource Types: + +- [Cluster](#cluster) + +- [JoinTokenRequest](#jointokenrequest) + + + + +## Cluster +[↩ Parent](#k0smotroniov1beta1 ) + + + + + + +Cluster is the Schema for the k0smotronclusters API + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstringk0smotron.io/v1beta1true
kindstringClustertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject + ClusterSpec defines the desired state of K0smotronCluster
+
+ Default: map[service:map[type:NodePort]]
+
false
statusobject + ClusterStatus defines the observed state of K0smotronCluster
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec +[↩ Parent](#cluster) -downwardAPI represents downward API about the pod that should populate this volume +ClusterSpec defines the desired state of K0smotronCluster @@ -24705,38 +34825,161 @@ downwardAPI represents downward API about the pod that should populate this volu - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + + + + + + + + + + +
defaultModecertificateRefs[]object + CertificateRefs defines the certificate references.
+
false
controllerPlaneFlags[]string + ControlPlaneFlags allows to configure additional flags for k0s +control plane and to override existing ones. The default flags are +kept unless they are overriden explicitly. Flags with arguments must +be specified as a single string, e.g. --some-flag=argument
+
false
etcdobject + Etcd defines the etcd configuration.
+
+ Default: map[image:quay.io/k0sproject/etcd:v3.5.13 persistence:map[]]
+
false
externalAddressstring + ExternalAddress defines k0s external address. See https://docs.k0sproject.io/stable/configuration/#specapi +Will be detected automatically for service type LoadBalancer.
+
false
imagestring + Image defines the k0s image to be deployed. If empty k0smotron +will pick it automatically. Must not include the image tag.
+
+ Default: k0sproject/k0s
+
false
k0sConfigobject + k0sConfig defines the k0s configuration. Note, that some fields will be overwritten by k0smotron. +If empty, will be used default configuration. @see https://docs.k0sproject.io/stable/configuration/
+
false
kineDataSourceSecretNamestring + KineDataSourceSecretName defines the name of kine datasource URL secret. +KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup +and one of them must be set if replicas > 1.
+
false
kineDataSourceURLstring + KineDataSourceURL defines the kine datasource URL. +KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup +and one of them must be set if replicas > 1.
+
false
manifests[]object + Manifests allows to specify list of volumes with manifests to be +deployed in the cluster. The volumes will be mounted +in /var/lib/k0s/manifests/, for this reason each +manifest is a stack. K0smotron allows any kind of volume, but the +recommendation is to use secrets and configmaps. +For more information check: +https://docs.k0sproject.io/stable/manifests/ and +https://kubernetes.io/docs/concepts/storage/volumes
+
false
monitoringobject + Monitoring defines the monitoring configuration.
+
false
mounts[]object + Mounts allows to specify list of volumes with any files to be +mounted in the controlplane pod. K0smotron allows any kind of volume, but the +recommendation is to use secrets and configmaps. +For more information check: +https://kubernetes.io/docs/concepts/storage/volumes
+
false
persistenceobject + Persistence defines the persistence configuration. If empty k0smotron +will use emptyDir as a volume.
+
false
replicas integer - Optional: mode bits to use on created files by default. Must be a -Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ Replicas is the desired number of replicas of the k0s control planes. +If unspecified, defaults to 1. If the value is above 1, k0smotron requires kine datasource URL to be set. +Recommended value is 3.

Format: int32
+ Default: 1
false
items[]objectresourcesobject - Items is a list of downward API volume file
+ Resources describes the compute resource requirements for the control plane pods.
+
false
serviceobject + Service defines the service configuration.
+
+ Default: map[apiPort:30443 konnectivityPort:30132 type:ClusterIP]
+
false
versionstring + Version defines the k0s version to be deployed. If empty k0smotron +will pick it automatically.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI.items[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexdownwardapi) +### Cluster.spec.certificateRefs[index] +[↩ Parent](#clusterspec) + -DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -24748,51 +34991,31 @@ DownwardAPIVolumeFile represents information to create the file containing the p - - + + - - - - - - - + + - - - - -
pathstringtypeenum - Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
+
+
+ Enum: ca, sa, proxy, etcd, apiserver-etcd-client, etcd-peer, etcd-server
true
fieldRefobject - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
-
false
modeintegernamestring - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.

- Format: int32
-
false
resourceFieldRefobject - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI.items[index].fieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexdownwardapiitemsindex) +### Cluster.spec.etcd +[↩ Parent](#clusterspec) -Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +Etcd defines the etcd configuration. @@ -24804,30 +35027,38 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa - + - - + + + + + + +
fieldPathimage string - Path of the field to select in the specified API version.
+ Image defines the etcd image to be deployed.
+
+ Default: quay.io/k0sproject/etcd:v3.5.13
true
apiVersionstringargs[]string - Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ Args defines the etcd arguments.
+
false
persistenceobject + Persistence defines the persistence configuration.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].downwardAPI.items[index].resourceFieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexdownwardapiitemsindex) +### Cluster.spec.etcd.persistence +[↩ Parent](#clusterspecetcd) -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +Persistence defines the persistence configuration. @@ -24839,37 +35070,31 @@ Selects a resource of the container: only resources limits and requests - - - - - - - + + - - + +
resourcestring - Required: resource to select
-
true
containerNamestringsizeint or string - Container name: required for volumes, optional for env vars
+ Size defines the size of the etcd volume. Default: 1Gi
+
+ Default: 1Gi
false
divisorint or stringstorageClassstring - Specifies the output format of the exposed resources, defaults to "1"
+ StorageClass defines the storage class to be used for etcd persistence. If empty, will be used the default storage class.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].emptyDir -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index] +[↩ Parent](#clusterspec) -emptyDir represents a temporary directory that shares a pod's lifetime. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir +Volume represents a named volume in a pod that may be accessed by any container in the pod. @@ -24881,37 +35106,86 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - + + + + + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - -
mediumname string - medium represents what type of storage medium should back this directory. -The default is "" which means to use the node's default medium. -Must be an empty string (default) or Memory. -More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
+ name of the volume. +Must be a DNS_LABEL and unique within the pod. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
true
awsElasticBlockStoreobject + awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
sizeLimitint or stringazureDiskobject - sizeLimit is the total amount of local storage required for this EmptyDir volume. -The size limit is also applicable for memory medium. -The maximum usage on memory medium EmptyDir would be the minimum value between -the SizeLimit specified here and the sum of memory limits of all containers in a pod. -The default is nil which means that the limit is undefined. + azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
+
false
azureFileobject + azureFile represents an Azure File Service mount on the host and bind mount to the pod.
+
false
cephfsobject + cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
+
false
cinderobject + cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
configMapobject + configMap represents a configMap that should populate this volume
+
false
csiobject + csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
+
false
downwardAPIobject + downwardAPI represents downward API about the pod that should populate this volume
+
false
emptyDirobject + emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) - - - -ephemeral represents a volume that is handled by a cluster storage driver. + + ephemeral + object + + ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. @@ -24938,241 +35212,234 @@ more information. A pod can use both types of ephemeral volumes and -persistent volumes at the same time. - - - - - - - - - - - - +persistent volumes at the same time.
+ + + + - -
NameTypeDescriptionRequired
volumeClaimTemplatefalse
fc object - Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil.
+ fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeral) - - - -Will be used to create a stand-alone PVC to provision the volume. -The pod in which this EphemeralVolumeSource is embedded will be the -owner of the PVC, i.e. the PVC will be deleted together with the -pod. The name of the PVC will be `-` where -`` is the name from the `PodSpec.Volumes` array -entry. Pod validation will reject the pod if the concatenated name -is not valid for a PVC (for example, too long). - - -An existing PVC with that name that is not owned by the pod -will *not* be used for the pod to avoid using an unrelated -volume by mistake. Starting the pod is then blocked until -the unrelated PVC is removed. If such a pre-created PVC is -meant to be used by the pod, the PVC has to updated with an -owner reference to the pod once the pod exists. Normally -this should not be necessary, but it may be useful when -manually reconstructing a broken cluster. - - -This field is read-only and no changes will be made by Kubernetes -to the PVC after it has been created. - - -Required, must not be nil. - - - - - - - - - - - - + + - + - + - -
NameTypeDescriptionRequired
spec
flexVolume object - The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here.
+ flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin.
truefalse
metadataflocker object - May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation.
+ flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplate) - - - -The specification for the PersistentVolumeClaim. The entire content is -copied unchanged into the PVC that gets created from this -template. The same fields as in a PersistentVolumeClaim -are also valid here. - - - - - - - - - - - - - + + + - + - + - + - + - - + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessModes[]string
gcePersistentDiskobject - accessModes contains the desired access modes the volume should have. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+ gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
false
dataSourcegitRepo object - dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+ gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container.
false
dataSourceRefglusterfs object - dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md
false
resourceshostPath object - resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+ hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write.
false
selectoriscsi object - selector is a label query over volumes to consider for binding.
+ iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md
false
storageClassNamestringnfsobject - storageClassName is the name of the StorageClass required by the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
+ nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false
volumeModepersistentVolumeClaimobject + persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+
false
photonPersistentDiskobject + photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
+
false
portworxVolumeobject + portworxVolume represents a portworx volume attached and mounted on kubelets host machine
+
false
projectedobject + projected items for all in one resources secrets, configmaps, and downward API
+
false
quobyteobject + quobyte represents a Quobyte mount on the host that shares a pod's lifetime
+
false
rbdobject + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md
+
false
scaleIOobject + scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
+
false
secretobject + secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
false
storageosobject + storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
+
false
vsphereVolumeobject + vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
+
false
+ + +### Cluster.spec.manifests[index].awsElasticBlockStore +[↩ Parent](#clusterspecmanifestsindex) + + + +awsElasticBlockStore represents an AWS Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + + + + + + + + + + + + + + + + + + + + + + - - + +
NameTypeDescriptionRequired
volumeIDstring + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
+
true
fsType string - volumeMode defines what type of volume is required by the claim. -Value of Filesystem is implied when not included in claim spec.
+ fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
partitioninteger + partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).
+
+ Format: int32
false
volumeNamestringreadOnlyboolean - volumeName is the binding reference to the PersistentVolume backing this claim.
+ readOnly value true will force the readOnly setting in VolumeMounts. +More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.dataSource -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.manifests[index].azureDisk +[↩ Parent](#clusterspecmanifestsindex) -dataSource field can be used to specify either: -* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) -* An existing PVC (PersistentVolumeClaim) -If the provisioner or an external controller can support the specified data source, -it will create a new volume based on the contents of the specified data source. -When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, -and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. -If the namespace is specified, then dataSourceRef will not be copied to dataSource. +azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. @@ -25184,60 +35451,60 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour - + - + - + + + + + + + + + + + + + + + +
kinddiskName string - Kind is the type of resource being referenced
+ diskName is the Name of the data disk in the blob storage
true
namediskURI string - Name is the name of resource being referenced
+ diskURI is the URI of data disk in the blob storage
true
apiGroupcachingMode string - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
+ cachingMode is the Host Caching mode: None, Read Only, Read Write.
+
false
fsTypestring + fsType is Filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+
false
kindstring + kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared
+
false
readOnlyboolean + readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.manifests[index].azureFile +[↩ Parent](#clusterspecmanifestsindex) -dataSourceRef specifies the object from which to populate the volume with data, if a non-empty -volume is desired. This may be any object from a non-empty API group (non -core object) or a PersistentVolumeClaim object. -When this field is specified, volume binding will only succeed if the type of -the specified object matches some installed volume populator or dynamic -provisioner. -This field will replace the functionality of the dataSource field and as such -if both fields are non-empty, they must have the same value. For backwards -compatibility, when namespace isn't specified in dataSourceRef, -both fields (dataSource and dataSourceRef) will be set to the same -value automatically if one of them is empty and the other is non-empty. -When namespace is specified in dataSourceRef, -dataSource isn't set to the same value and must be empty. -There are three important differences between dataSource and dataSourceRef: -* While dataSource only allows two specific types of objects, dataSourceRef - allows any non-core object, as well as PersistentVolumeClaim objects. -* While dataSource ignores disallowed values (dropping them), dataSourceRef - preserves all values, and generates an error if a disallowed value is - specified. -* While dataSource only allows local objects, dataSourceRef allows objects - in any namespaces. -(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. -(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. +azureFile represents an Azure File Service mount on the host and bind mount to the pod. 
@@ -25249,51 +35516,37 @@ There are three important differences between dataSource and dataSourceRef: - + - + - - - - - - - + +
kindsecretName string - Kind is the type of resource being referenced
+ secretName is the name of secret that contains Azure Storage Account Name and Key
true
nameshareName string - Name is the name of resource being referenced
+ shareName is the azure share Name
true
apiGroupstring - APIGroup is the group for the resource being referenced. -If APIGroup is not specified, the specified Kind must be in the core API group. -For any other third-party types, APIGroup is required.
-
false
namespacestringreadOnlyboolean - Namespace is the namespace of resource being referenced -Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. -(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.resources -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.manifests[index].cephfs +[↩ Parent](#clusterspecmanifestsindex) -resources represents the minimum resources the volume should have. -If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements -that are lower than previous value but must still be higher than capacity recorded in the -status field of the claim. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources +cephFS represents a Ceph FS mount on the host that shares a pod's lifetime @@ -25305,48 +35558,64 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour - - + + + + + + + - - + + - - + + + + + + + + + + + +
claims[]objectmonitors[]string - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - - -This is an alpha field and requires enabling the -DynamicResourceAllocation feature gate. - - -This field is immutable. It can only be set for containers.
+ monitors is Required: Monitors is a collection of Ceph monitors +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
true
pathstring + path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /
false
limitsmap[string]int or stringreadOnlyboolean - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
requestsmap[string]int or stringsecretFilestring - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
false
secretRefobject + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
+
false
userstring + user is optional: User is the rados user name, default is admin +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespecresources) +### Cluster.spec.manifests[index].cephfs.secretRef +[↩ Parent](#clusterspecmanifestsindexcephfs) -ResourceClaim references one entry in PodSpec.ResourceClaims. +secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. +More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it @@ -25361,21 +35630,22 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. - +
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.selector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.manifests[index].cinder +[↩ Parent](#clusterspecmanifestsindex) -selector is a label query over volumes to consider for binding. +cinder represents a cinder volume attached and mounted on kubelets host machine. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md @@ -25387,32 +35657,51 @@ selector is a label query over volumes to consider for binding. - - + + + + + + + - - + + + + + + +
matchExpressions[]objectvolumeIDstring - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ volumeID used to identify the volume in cinder. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
matchLabelsmap[string]stringreadOnlyboolean - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts. +More info: https://examples.k8s.io/mysql-cinder-pd/README.md
+
false
secretRefobject + secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplatespecselector) +### Cluster.spec.manifests[index].cinder.secretRef +[↩ Parent](#clusterspecmanifestsindexcinder) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +secretRef is optional: points to a secret object containing parameters used to connect +to OpenStack. @@ -25424,42 +35713,24 @@ relates the key and values. - - - - - - + - - - - -
keystring - key is the label key that the selector applies to.
-
true
operatorname string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
-
true
values[]string - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].ephemeral.volumeClaimTemplate.metadata -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexephemeralvolumeclaimtemplate) +### Cluster.spec.manifests[index].configMap +[↩ Parent](#clusterspecmanifestsindex) -May contain labels and annotations that will be copied into the PVC -when creating it. No other fields are allowed and will be rejected during -validation. +configMap represents a configMap that should populate this volume @@ -25471,50 +35742,59 @@ validation. - - - - - - - + + - - + + - - + +
annotationsmap[string]string -
-
false
finalizers[]stringdefaultModeinteger + defaultMode is optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

+ Format: int32
false
labelsmap[string]stringitems[]object -
+ items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
false
name string -
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
namespacestringoptionalboolean -
+ optional specify whether the ConfigMap or its keys must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].fc -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].configMap.items[index] +[↩ Parent](#clusterspecmanifestsindexconfigmap) -fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. +Maps a string key to a path within a volume. @@ -25526,58 +35806,46 @@ fc represents a Fibre Channel resource that is attached to a kubelet's host mach - + - - - - - - - - - - - + - - + + - + - - + +
fsTypekey string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -TODO: how do we prevent errors in the filesystem from compromising the machine
-
false
luninteger - lun is Optional: FC target lun number
-
- Format: int32
-
false
readOnlyboolean - readOnly is Optional: Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ key is the key to project.
falsetrue
targetWWNs[]stringpathstring - targetWWNs is Optional: FC target worldwide names (WWNs)
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
falsetrue
wwids[]stringmodeinteger - wwids Optional: FC volume world wide identifiers (wwids) -Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].flexVolume -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].csi +[↩ Parent](#clusterspecmanifestsindex) -flexVolume represents a generic volume resource that is -provisioned/attached using an exec based plugin. +csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). @@ -25592,58 +35860,60 @@ provisioned/attached using an exec based plugin. - - + + - - + +
driver string - driver is the name of the driver to use for this volume.
+ driver is the name of the CSI driver that handles this volume. +Consult with your admin for the correct name as registered in the cluster.
true
fsType string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+ fsType to mount. Ex. "ext4", "xfs", "ntfs". +If not provided, the empty value is passed to the associated CSI driver +which will determine the default filesystem to apply.
false
optionsmap[string]stringnodePublishSecretRefobject - options is Optional: this field holds extra command options if any.
+ nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed.
false
readOnly boolean - readOnly is Optional: defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ readOnly specifies a read-only configuration for the volume. +Defaults to false (read/write).
false
secretRefobjectvolumeAttributesmap[string]string - secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts.
+ volumeAttributes stores driver-specific properties that are passed to the CSI +driver. Consult your driver's documentation for supported values.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].flexVolume.secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexflexvolume) +### Cluster.spec.manifests[index].csi.nodePublishSecretRef +[↩ Parent](#clusterspecmanifestsindexcsi) -secretRef is Optional: secretRef is reference to the secret object containing -sensitive information to pass to the plugin scripts. This may be -empty if no secret object is specified. If the secret object -contains more than one secret, all secrets are passed to the plugin -scripts. +nodePublishSecretRef is a reference to the secret object containing +sensitive information to pass to the CSI driver to complete the CSI +NodePublishVolume and NodeUnpublishVolume calls. +This field is optional, and may be empty if no secret is required. If the +secret object contains more than one secret, all secret references are passed. @@ -25667,49 +35937,12 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].flocker -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) - - - -flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
datasetNamestring - datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker -should be considered as deprecated
-
false
datasetUUIDstring - datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
-
false
- - -### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].gcePersistentDisk -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].downwardAPI +[↩ Parent](#clusterspecmanifestsindex) -gcePersistentDisk represents a GCE Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +downwardAPI represents downward API about the pod that should populate this volume @@ -25721,59 +35954,38 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - - - - - - - - - - - + - - + +
pdNamestring - pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
-
true
fsTypestring - fsType is filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -TODO: how do we prevent errors in the filesystem from compromising the machine
-
false
partitiondefaultMode integer - partition is the partition in the volume that you want to mount. -If omitted, the default is to mount by volume name. -Examples: For volume /dev/sda1, you specify the partition as "1". -Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ Optional: mode bits to use on created files by default. Must be a +Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.

Format: int32
false
readOnlybooleanitems[]object - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+ Items is a list of downward API volume file
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].gitRepo -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].downwardAPI.items[index] +[↩ Parent](#clusterspecmanifestsindexdownwardapi) -gitRepo represents a git repository at a particular revision. -DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an -EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir -into the Pod's container. +DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -25785,40 +35997,51 @@ into the Pod's container. - + - - + + - - + + + + + + +
repositorypath string - repository is the URL
+ Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
true
directorystringfieldRefobject - directory is the target directory name. -Must not contain or start with '..'. If '.' is supplied, the volume directory will be the -git repository. Otherwise, if specified, the volume will contain the git repository in -the subdirectory with the given name.
+ Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
false
revisionstringmodeinteger - revision is the commit hash for the specified revision.
+ Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].glusterfs -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].downwardAPI.items[index].fieldRef +[↩ Parent](#clusterspecmanifestsindexdownwardapiitemsindex) -glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/glusterfs/README.md +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. @@ -25830,47 +36053,30 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md - + - + - - - - -
endpointsfieldPath string - endpoints is the endpoint name that details Glusterfs topology. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ Path of the field to select in the specified API version.
true
pathapiVersion string - path is the Glusterfs volume path. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-
true
readOnlyboolean - readOnly here will force the Glusterfs volume to be mounted with read-only permissions. -Defaults to false. -More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].hostPath -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#clusterspecmanifestsindexdownwardapiitemsindex) -hostPath represents a pre-existing file or directory on the host -machine that is directly exposed to the container. This is generally -used for system agents or other privileged things that are allowed -to see the host machine. Most containers will NOT need this. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath ---- -TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not -mount host directories as read/write. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. @@ -25882,35 +36088,37 @@ mount host directories as read/write. - + - + + + + + +
pathresource string - path of the directory on the host. -If the path is a symlink, it will follow the link to the real path. -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ Required: resource to select
true
typecontainerName string - type for HostPath Volume -Defaults to "" -More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
+ Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].iscsi -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].emptyDir +[↩ Parent](#clusterspecmanifestsindex) -iscsi represents an ISCSI Disk resource that is attached to a -kubelet's host machine and then exposed to the pod. -More info: https://examples.k8s.io/volumes/iscsi/README.md +emptyDir represents a temporary directory that shares a pod's lifetime. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir @@ -25922,104 +36130,64 @@ More info: https://examples.k8s.io/volumes/iscsi/README.md - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - + +
iqnstring - iqn is the target iSCSI Qualified Name.
-
true
luninteger - lun represents iSCSI Target Lun number.
-
- Format: int32
-
true
targetPortalstring - targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
-
true
chapAuthDiscoveryboolean - chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
-
false
chapAuthSessionboolean - chapAuthSession defines whether support iSCSI Session CHAP authentication
-
false
fsTypestring - fsType is the filesystem type of the volume that you want to mount. -Tip: Ensure that the filesystem type is supported by the host operating system. -Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi -TODO: how do we prevent errors in the filesystem from compromising the machine
-
false
initiatorNamestring - initiatorName is the custom iSCSI Initiator Name. -If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface -: will be created for the connection.
-
false
iscsiInterfacemedium string - iscsiInterface is the interface Name that uses an iSCSI transport. -Defaults to 'default' (tcp).
-
false
portals[]string - portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port -is other than default (typically TCP ports 860 and 3260).
-
false
readOnlyboolean - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false.
+ medium represents what type of storage medium should back this directory. +The default is "" which means to use the node's default medium. +Must be an empty string (default) or Memory. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
secretRefobjectsizeLimitint or string - secretRef is the CHAP Secret for iSCSI target and initiator authentication
+ sizeLimit is the total amount of local storage required for this EmptyDir volume. +The size limit is also applicable for memory medium. +The maximum usage on memory medium EmptyDir would be the minimum value between +the SizeLimit specified here and the sum of memory limits of all containers in a pod. +The default is nil which means that the limit is undefined. +More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].iscsi.secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexiscsi) +### Cluster.spec.manifests[index].ephemeral +[↩ Parent](#clusterspecmanifestsindex) -secretRef is the CHAP Secret for iSCSI target and initiator authentication +ephemeral represents a volume that is handled by a cluster storage driver. +The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, +and deleted when the pod is removed. + + +Use this if: +a) the volume is only needed while the pod runs, +b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, +c) the storage driver is specified through a storage class, and +d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + +Use PersistentVolumeClaim or one of the vendor-specific +APIs for volumes that persist for longer than the lifecycle +of an individual pod. + + +Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to +be used that way - see the documentation of the driver for +more information. + + +A pod can use both types of ephemeral volumes and +persistent volumes at the same time. @@ -26031,25 +36199,68 @@ secretRef is the CHAP Secret for iSCSI target and initiator authentication - - + +
namestringvolumeClaimTemplateobject - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].nfs -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate +[↩ Parent](#clusterspecmanifestsindexephemeral) -nfs represents an NFS mount on the host that shares a pod's lifetime -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs +Will be used to create a stand-alone PVC to provision the volume. +The pod in which this EphemeralVolumeSource is embedded will be the +owner of the PVC, i.e. the PVC will be deleted together with the +pod. The name of the PVC will be `-` where +`` is the name from the `PodSpec.Volumes` array +entry. Pod validation will reject the pod if the concatenated name +is not valid for a PVC (for example, too long). + + +An existing PVC with that name that is not owned by the pod +will *not* be used for the pod to avoid using an unrelated +volume by mistake. Starting the pod is then blocked until +the unrelated PVC is removed. If such a pre-created PVC is +meant to be used by the pod, the PVC has to updated with an +owner reference to the pod once the pod exists. Normally +this should not be necessary, but it may be useful when +manually reconstructing a broken cluster. + + +This field is read-only and no changes will be made by Kubernetes +to the PVC after it has been created. + + +Required, must not be nil. @@ -26061,42 +36272,37 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - - - - - - - + + - - + +
pathstring - path that is exported by the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-
true
serverstringspecobject - server is the hostname or IP address of the NFS server. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here.
true
readOnlybooleanmetadataobject - readOnly here will force the NFS export to be mounted with read-only permissions. -Defaults to false. -More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
+ May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].persistentVolumeClaim -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplate) -persistentVolumeClaimVolumeSource represents a reference to a -PersistentVolumeClaim in the same namespace. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims +The specification for the PersistentVolumeClaim. The entire content is +copied unchanged into the PVC that gets created from this +template. The same fields as in a PersistentVolumeClaim +are also valid here. @@ -26108,31 +36314,114 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis - + + + + + + + + + + + + + + + + + + + + + + + + + + - + - - + + + + + + +
claimNameaccessModes[]string + accessModes contains the desired access modes the volume should have. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1
+
false
dataSourceobject + dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource.
+
false
dataSourceRefobject + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
+
false
resourcesobject + resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources
+
false
selectorobject + selector is a label query over volumes to consider for binding.
+
false
storageClassName string - claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. -More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
+ storageClassName is the name of the StorageClass required by the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1
truefalse
readOnlybooleanvolumeModestring - readOnly Will force the ReadOnly setting in VolumeMounts. -Default false.
+ volumeMode defines what type of volume is required by the claim. +Value of Filesystem is implied when not included in claim spec.
+
false
volumeNamestring + volumeName is the binding reference to the PersistentVolume backing this claim.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].photonPersistentDisk -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSource +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) -photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine +dataSource field can be used to specify either: +* An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) +* An existing PVC (PersistentVolumeClaim) +If the provisioner or an external controller can support the specified data source, +it will create a new volume based on the contents of the specified data source. +When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, +and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. +If the namespace is specified, then dataSourceRef will not be copied to dataSource. @@ -26144,31 +36433,60 @@ photonPersistentDisk represents a PhotonController persistent disk attached and - + - + + + + + +
pdIDkind string - pdID is the ID that identifies Photon Controller persistent disk
+ Kind is the type of resource being referenced
true
fsTypename string - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
+ Name is the name of resource being referenced
+
true
apiGroupstring + APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].portworxVolume -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) -portworxVolume represents a portworx volume attached and mounted on kubelets host machine +dataSourceRef specifies the object from which to populate the volume with data, if a non-empty +volume is desired. This may be any object from a non-empty API group (non +core object) or a PersistentVolumeClaim object. +When this field is specified, volume binding will only succeed if the type of +the specified object matches some installed volume populator or dynamic +provisioner. +This field will replace the functionality of the dataSource field and as such +if both fields are non-empty, they must have the same value. For backwards +compatibility, when namespace isn't specified in dataSourceRef, +both fields (dataSource and dataSourceRef) will be set to the same +value automatically if one of them is empty and the other is non-empty. +When namespace is specified in dataSourceRef, +dataSource isn't set to the same value and must be empty. +There are three important differences between dataSource and dataSourceRef: +* While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. +* While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. +* While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. +(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. +(Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. 
@@ -26180,39 +36498,51 @@ portworxVolume represents a portworx volume attached and mounted on kubelets hos - + + + + + + - + - - + +
volumeIDkind string - volumeID uniquely identifies a Portworx volume
+ Kind is the type of resource being referenced
+
true
namestring + Name is the name of resource being referenced
true
fsTypeapiGroup string - fSType represents the filesystem type to mount -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
+ APIGroup is the group for the resource being referenced. +If APIGroup is not specified, the specified Kind must be in the core API group. +For any other third-party types, APIGroup is required.
false
readOnlybooleannamespacestring - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ Namespace is the namespace of resource being referenced +Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. +(Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) -projected items for all in one resources secrets, configmaps, and downward API +resources represents the minimum resources the volume should have. +If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements +that are lower than previous value but must still be higher than capacity recorded in the +status field of the claim. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources @@ -26224,36 +36554,48 @@ projected items for all in one resources secrets, configmaps, and downward API - - + + - - + + + + + + +
defaultModeintegerclaims[]object - defaultMode are the mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
-
- Format: int32
+ Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + + +This is an alpha field and requires enabling the +DynamicResourceAllocation feature gate. + + +This field is immutable. It can only be set for containers.
false
sources[]objectlimitsmap[string]int or string - sources is the list of volume projections
+ Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojected) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespecresources) -Projection that may be projected along with other supported volume types +ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -26265,43 +36607,24 @@ Projection that may be projected along with other supported volume types - - - - - - - - - - - - - - - - - + + - +
configMapobject - configMap information about the configMap data to project
-
false
downwardAPIobject - downwardAPI information about the downwardAPI data to project
-
false
secretobject - secret information about the secret data to project
-
false
serviceAccountTokenobjectnamestring - serviceAccountToken is information about the serviceAccountToken data to project
+ Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
falsetrue
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].configMap -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) -configMap information about the configMap data to project +selector is a label query over volumes to consider for binding. @@ -26313,44 +36636,32 @@ configMap information about the configMap data to project - + - - - - - - - + +
itemsmatchExpressions []object - items if unspecified, each key-value pair in the Data field of the referenced -ConfigMap will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the ConfigMap, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
-
false
namestring - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ matchExpressions is a list of label selector requirements. The requirements are ANDed.
false
optionalbooleanmatchLabelsmap[string]string - optional specify whether the ConfigMap or its keys must be defined
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels +map is equivalent to an element of matchExpressions, whose key field is "key", the +operator is "In", and the values array contains only "value". The requirements are ANDed.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].configMap.items[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexconfigmap) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespecselector) -Maps a string key to a path within a volume. +A label selector requirement is a selector that contains values, a key, and an operator that +relates the key and values. @@ -26365,43 +36676,39 @@ Maps a string key to a path within a volume. - + - - + +
key string - key is the key to project.
+ key is the label key that the selector applies to.
true
pathoperator string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ operator represents a key's relationship to a set of values. +Valid operators are In, NotIn, Exists and DoesNotExist.
true
modeintegervalues[]string - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
-
- Format: int32
+ values is an array of string values. If the operator is In or NotIn, +the values array must be non-empty. If the operator is Exists or DoesNotExist, +the values array must be empty. This array is replaced during a strategic +merge patch.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) +### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.metadata +[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplate) -downwardAPI information about the downwardAPI data to project +May contain labels and annotations that will be copied into the PVC +when creating it. No other fields are allowed and will be rejected during +validation. @@ -26413,22 +36720,50 @@ downwardAPI information about the downwardAPI data to project - - + + + + + + + + + + + + + + + + + + + + + +
items[]objectannotationsmap[string]string - Items is a list of DownwardAPIVolume file
+
+
false
finalizers[]string +
+
false
labelsmap[string]string +
+
false
namestring +
+
false
namespacestring +
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI.items[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexdownwardapi) +### Cluster.spec.manifests[index].fc +[↩ Parent](#clusterspecmanifestsindex) -DownwardAPIVolumeFile represents information to create the file containing the pod field +fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. @@ -26440,51 +36775,58 @@ DownwardAPIVolumeFile represents information to create the file containing the p - + - - - - - - + - - + + + + + + + + + + + +
pathfsType string - Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
-
true
fieldRefobject - Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +TODO: how do we prevent errors in the filesystem from compromising the machine
false
modelun integer - Optional: mode bits used to set permissions on this file, must be an octal value -between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ lun is Optional: FC target lun number

Format: int32
false
resourceFieldRefobjectreadOnlyboolean - Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
+ readOnly is Optional: Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
targetWWNs[]string + targetWWNs is Optional: FC target worldwide names (WWNs)
+
false
wwids[]string + wwids Optional: FC volume world wide identifiers (wwids) +Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI.items[index].fieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexdownwardapiitemsindex) +### Cluster.spec.manifests[index].flexVolume +[↩ Parent](#clusterspecmanifestsindex) -Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. +flexVolume represents a generic volume resource that is +provisioned/attached using an exec based plugin. @@ -26496,30 +36838,61 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa - + - + + + + + + + + + + + + + + + +
fieldPathdriver string - Path of the field to select in the specified API version.
+ driver is the name of the driver to use for this volume.
true
apiVersionfsType string - Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script.
+
false
optionsmap[string]string + options is Optional: this field holds extra command options if any.
+
false
readOnlyboolean + readOnly is Optional: defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
+
false
secretRefobject + secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexdownwardapiitemsindex) +### Cluster.spec.manifests[index].flexVolume.secretRef +[↩ Parent](#clusterspecmanifestsindexflexvolume) -Selects a resource of the container: only resources limits and requests -(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. +secretRef is Optional: secretRef is reference to the secret object containing +sensitive information to pass to the plugin scripts. This may be +empty if no secret object is specified. If the secret object +contains more than one secret, all secrets are passed to the plugin +scripts. @@ -26531,36 +36904,24 @@ Selects a resource of the container: only resources limits and requests - - - - - - + - - - - -
resourcestring - Required: resource to select
-
true
containerNamename string - Container name: required for volumes, optional for env vars
-
false
divisorint or string - Specifies the output format of the exposed resources, defaults to "1"
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].secret -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) +### Cluster.spec.manifests[index].flocker +[↩ Parent](#clusterspecmanifestsindex) -secret information about the secret data to project +flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running @@ -26572,44 +36933,32 @@ secret information about the secret data to project - - - - - - + - - + +
items[]object - items if unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
-
false
namedatasetName string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker +should be considered as deprecated
false
optionalbooleandatasetUUIDstring - optional field specify whether the Secret or its key must be defined
+ datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].secret.items[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindexsecret) +### Cluster.spec.manifests[index].gcePersistentDisk +[↩ Parent](#clusterspecmanifestsindex) -Maps a string key to a path within a volume. +gcePersistentDisk represents a GCE Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk @@ -26621,46 +36970,59 @@ Maps a string key to a path within a volume. - + - + - + - + + + + + +
keypdName string - key is the key to project.
+ pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
true
pathfsType string - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
+ fsType is filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk +TODO: how do we prevent errors in the filesystem from compromising the machine
truefalse
modepartition integer - mode is Optional: mode bits used to set permissions on this file. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
+ partition is the partition in the volume that you want to mount. +If omitted, the default is to mount by volume name. +Examples: For volume /dev/sda1, you specify the partition as "1". +Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk

Format: int32
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].projected.sources[index].serviceAccountToken -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexprojectedsourcesindex) +### Cluster.spec.manifests[index].gitRepo +[↩ Parent](#clusterspecmanifestsindex) -serviceAccountToken is information about the serviceAccountToken data to project +gitRepo represents a git repository at a particular revision. +DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an +EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir +into the Pod's container. @@ -26672,47 +37034,40 @@ serviceAccountToken is information about the serviceAccountToken data to project - + - + - - + +
pathrepository string - path is the path relative to the mount point of the file to project the -token into.
+ repository is the URL
true
audiencedirectory string - audience is the intended audience of the token. A recipient of a token -must identify itself with an identifier specified in the audience of the -token, and otherwise should reject the token. The audience defaults to the -identifier of the apiserver.
+ directory is the target directory name. +Must not contain or start with '..'. If '.' is supplied, the volume directory will be the +git repository. Otherwise, if specified, the volume will contain the git repository in +the subdirectory with the given name.
false
expirationSecondsintegerrevisionstring - expirationSeconds is the requested duration of validity of the service -account token. As the token approaches expiration, the kubelet volume -plugin will proactively rotate the service account token. The kubelet will -start trying to rotate the token if the token is older than 80 percent of -its time to live or if the token is older than 24 hours.Defaults to 1 hour -and must be at least 10 minutes.
-
- Format: int64
+ revision is the commit hash for the specified revision.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].quobyte -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].glusterfs +[↩ Parent](#clusterspecmanifestsindex) -quobyte represents a Quobyte mount on the host that shares a pod's lifetime +glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/glusterfs/README.md @@ -26724,64 +37079,87 @@ quobyte represents a Quobyte mount on the host that shares a pod's lifetime - + - + - - - - - - - + +
registryendpoints string - registry represents a single or multiple Quobyte Registry services -specified as a string as host:port pair (multiple entries are separated with commas) -which acts as the central registry for volumes
+ endpoints is the endpoint name that details Glusterfs topology. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
true
volumepath string - volume is a string that references an already created Quobyte volume by name.
+ path is the Glusterfs volume path. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
true
groupstring - group to map volume access to -Default is no group
-
false
readOnly boolean - readOnly here will force the Quobyte volume to be mounted with read-only permissions. -Defaults to false.
+ readOnly here will force the Glusterfs volume to be mounted with read-only permissions. +Defaults to false. +More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
false
tenant
+ + +### Cluster.spec.manifests[index].hostPath +[↩ Parent](#clusterspecmanifestsindex) + + + +hostPath represents a pre-existing file or directory on the host +machine that is directly exposed to the container. This is generally +used for system agents or other privileged things that are allowed +to see the host machine. Most containers will NOT need this. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath +--- +TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not +mount host directories as read/write. + + + + + + + + + + + + - + - +
NameTypeDescriptionRequired
path string - tenant owning the given Quobyte volume in the Backend -Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+ path of the directory on the host. +If the path is a symlink, it will follow the link to the real path. +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
falsetrue
usertype string - user to map volume access to -Defaults to serivceaccount user
+ type for HostPath Volume +Defaults to "" +More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].rbd -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].iscsi +[↩ Parent](#clusterspecmanifestsindex) -rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. -More info: https://examples.k8s.io/volumes/rbd/README.md +iscsi represents an ISCSI Disk resource that is attached to a +kubelet's host machine and then exposed to the pod. +More info: https://examples.k8s.io/volumes/iscsi/README.md @@ -26793,21 +37171,43 @@ More info: https://examples.k8s.io/volumes/rbd/README.md - + - - + + + + + + + + + + + + + + + + + @@ -26815,69 +37215,60 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. -More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine
- + - + - - + + - - + + - - + +
imageiqn string - image is the rados image name. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ iqn is the target iSCSI Qualified Name.
true
monitors[]stringluninteger - monitors is a collection of Ceph monitors. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ lun represents iSCSI Target Lun number.
+
+ Format: int32
+
true
targetPortalstring + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
true
chapAuthDiscoveryboolean + chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication
+
false
chapAuthSessionboolean + chapAuthSession defines whether support iSCSI Session CHAP authentication
+
false
fsType string false
keyringinitiatorName string - keyring is the path to key ring for RBDUser. -Default is /etc/ceph/keyring. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ initiatorName is the custom iSCSI Initiator Name. +If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface +: will be created for the connection.
false
pooliscsiInterface string - pool is the rados pool name. -Default is rbd. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ iscsiInterface is the interface Name that uses an iSCSI transport. +Defaults to 'default' (tcp).
false
readOnlybooleanportals[]string - readOnly here will force the ReadOnly setting in VolumeMounts. -Defaults to false. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port +is other than default (typically TCP ports 860 and 3260).
false
secretRefobjectreadOnlyboolean - secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false.
false
userstringsecretRefobject - user is the rados user name. -Default is admin. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+ secretRef is the CHAP Secret for iSCSI target and initiator authentication
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].rbd.secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexrbd) +### Cluster.spec.manifests[index].iscsi.secretRef +[↩ Parent](#clusterspecmanifestsindexiscsi) -secretRef is name of the authentication secret for RBDUser. If provided -overrides keyring. -Default is nil. -More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it +secretRef is the CHAP Secret for iSCSI target and initiator authentication @@ -26901,12 +37292,13 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].scaleIO -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].nfs +[↩ Parent](#clusterspecmanifestsindex) -scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. +nfs represents an NFS mount on the host that shares a pod's lifetime +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs @@ -26918,93 +37310,78 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete - + - - - - - - + - - - - - - - - - - - - - - - - - - - - - - + +
gatewaypath string - gateway is the host address of the ScaleIO API Gateway.
-
true
secretRefobject - secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail.
+ path that is exported by the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
true
systemserver string - system is the name of the storage system as configured in ScaleIO.
+ server is the hostname or IP address of the NFS server. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
true
fsTypestring - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". -Default is "xfs".
-
false
protectionDomainstring - protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
-
false
readOnly boolean - readOnly Defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
-
false
sslEnabledboolean - sslEnabled Flag enable/disable SSL communication with Gateway, default false
-
false
storageModestring - storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. -Default is ThinProvisioned.
+ readOnly here will force the NFS export to be mounted with read-only permissions. +Defaults to false. +More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false
storagePool
+ + +### Cluster.spec.manifests[index].persistentVolumeClaim +[↩ Parent](#clusterspecmanifestsindex) + + + +persistentVolumeClaimVolumeSource represents a reference to a +PersistentVolumeClaim in the same namespace. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + + + + + + + + + + + + - + - - + +
NameTypeDescriptionRequired
claimName string - storagePool is the ScaleIO Storage Pool associated with the protection domain.
+ claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. +More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims
falsetrue
volumeNamestringreadOnlyboolean - volumeName is the name of a volume already created in the ScaleIO system -that is associated with this volume source.
+ readOnly Will force the ReadOnly setting in VolumeMounts. +Default false.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].scaleIO.secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexscaleio) +### Cluster.spec.manifests[index].photonPersistentDisk +[↩ Parent](#clusterspecmanifestsindex) -secretRef references to the secret for ScaleIO user and other -sensitive information. If this is not provided, Login operation will fail. +photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine @@ -27016,25 +37393,31 @@ sensitive information. If this is not provided, Login operation will fail. - + + + + + +
namepdID string - Name of the referent. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names -TODO: Add other useful fields. apiVersion, kind, uid?
+ pdID is the ID that identifies Photon Controller persistent disk
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].secret -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].portworxVolume +[↩ Parent](#clusterspecmanifestsindex) -secret represents a secret that should populate this volume. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret +portworxVolume represents a portworx volume attached and mounted on kubelets host machine @@ -27046,58 +37429,39 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - - + + - + - - + + - + - - - - -
defaultModeintegervolumeIDstring - defaultMode is Optional: mode bits used to set permissions on created files by default. -Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. -YAML accepts both octal and decimal values, JSON requires decimal values -for mode bits. Defaults to 0644. -Directories within the path are not affected by this setting. -This might be in conflict with other options that affect the file -mode, like fsGroup, and the result can be other mode bits set.
-
- Format: int32
+ volumeID uniquely identifies a Portworx volume
falsetrue
items[]objectfsTypestring - items If unspecified, each key-value pair in the Data field of the referenced -Secret will be projected into the volume as a file whose name is the -key and content is the value. If specified, the listed keys will be -projected into the specified paths, and unlisted keys will not be -present. If a key is specified which is not present in the Secret, -the volume setup will error unless it is marked optional. Paths must be -relative and may not contain the '..' path or start with '..'.
+ fSType represents the filesystem type to mount +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified.
false
optionalreadOnly boolean - optional field specify whether the Secret or its keys must be defined
-
false
secretNamestring - secretName is the name of the secret in the pod's namespace to use. -More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].secret.items[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexsecret) +### Cluster.spec.manifests[index].projected +[↩ Parent](#clusterspecmanifestsindex) -Maps a string key to a path within a volume. +projected items for all in one resources secrets, configmaps, and downward API @@ -27109,46 +37473,36 @@ Maps a string key to a path within a volume. - - - - - - - - - - - + + + + + +
keystring - key is the key to project.
-
true
pathstring - path is the relative path of the file to map the key to. -May not be an absolute path. -May not contain the path element '..'. -May not start with the string '..'.
-
true
modedefaultMode integer - mode is Optional: mode bits used to set permissions on this file. + defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. -If not specified, the volume defaultMode will be used. +Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

Format: int32
false
sources[]object + sources is the list of volume projections
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].storageos -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].projected.sources[index] +[↩ Parent](#clusterspecmanifestsindexprojected) -storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. +Projection that may be projected along with other supported volume types @@ -27160,61 +37514,43 @@ storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes - - - - - - - + + - + - - + + - - + +
fsTypestring - fsType is the filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-
false
readOnlybooleanconfigMapobject - readOnly defaults to false (read/write). ReadOnly here will force -the ReadOnly setting in VolumeMounts.
+ configMap information about the configMap data to project
false
secretRefdownwardAPI object - secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted.
+ downwardAPI information about the downwardAPI data to project
false
volumeNamestringsecretobject - volumeName is the human-readable name of the StorageOS volume. Volume -names are only unique within a namespace.
+ secret information about the secret data to project
false
volumeNamespacestringserviceAccountTokenobject - volumeNamespace specifies the scope of the volume within StorageOS. If no -namespace is specified then the Pod's namespace will be used. This allows the -Kubernetes name scoping to be mirrored within StorageOS for tighter integration. -Set VolumeName to any name to override the default behaviour. -Set to "default" if you are not using namespaces within StorageOS. -Namespaces that do not pre-exist within StorageOS will be created.
+ serviceAccountToken is information about the serviceAccountToken data to project
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].storageos.secretRef -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindexstorageos) +### Cluster.spec.manifests[index].projected.sources[index].configMap +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) -secretRef specifies the secret to use for obtaining the StorageOS API -credentials. If not specified, default values will be attempted. +configMap information about the configMap data to project @@ -27226,6 +37562,19 @@ credentials. If not specified, default values will be attempted. + + + + + + + + + +
items[]object + items if unspecified, each key-value pair in the Data field of the referenced +ConfigMap will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the ConfigMap, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
name string @@ -27234,16 +37583,23 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/nam TODO: Add other useful fields. apiVersion, kind, uid?
false
optionalboolean + optional specify whether the ConfigMap or its keys must be defined
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.template.spec.volumes[index].vsphereVolume -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespectemplatespecvolumesindex) +### Cluster.spec.manifests[index].projected.sources[index].configMap.items[index] +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexconfigmap) -vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine +Maps a string key to a path within a volume. @@ -27255,55 +37611,46 @@ vsphereVolume represents a vSphere volume attached and mounted on kubelets host - + - - - - - - + - + - - + +
volumePathkey string - volumePath is the path that identifies vSphere volume vmdk
+ key is the key to project.
true
fsTypestring - fsType is filesystem type to mount. -Must be a filesystem type supported by the host operating system. -Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-
false
storagePolicyIDpath string - storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
falsetrue
storagePolicyNamestringmodeinteger - storagePolicyName is the storage Policy Based Management (SPBM) profile name.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespec) - - +### Cluster.spec.manifests[index].projected.sources[index].downwardAPI +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) -Specifies the policy of handling failed pods. In particular, it allows to -specify the set of actions and conditions which need to be -satisfied to take the associated action. -If empty, the default behaviour applies - the counter of failed pods, -represented by the jobs's .status.failed field, is incremented and it is -checked against the backoffLimit. This field cannot be used in combination -with restartPolicy=OnFailure. -This field is beta-level. It can be used when the `JobPodFailurePolicy` -feature gate is enabled (enabled by default). +downwardAPI information about the downwardAPI data to project @@ -27315,27 +37662,22 @@ feature gate is enabled (enabled by default). - + - +
rulesitems []object - A list of pod failure policy rules. The rules are evaluated in order. -Once a rule matches a Pod failure, the remaining of the rules are ignored. -When no rule matches the Pod failure, the default handling applies - the -counter of pod failures is incremented and it is checked against -the backoffLimit. At most 20 elements are allowed.
+ Items is a list of DownwardAPIVolume file
truefalse
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy.rules[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecpodfailurepolicy) +### Cluster.spec.manifests[index].projected.sources[index].downwardAPI.items[index] +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexdownwardapi) -PodFailurePolicyRule describes how a pod failure is handled when the requirements are met. -One of onExitCodes and onPodConditions, but not both, can be used in each rule. +DownwardAPIVolumeFile represents information to create the file containing the pod field @@ -27347,53 +37689,51 @@ One of onExitCodes and onPodConditions, but not both, can be used in each rule. - + - + - - + + + + + + +
actionpath string - Specifies the action taken on a pod failure when the requirements are satisfied. -Possible values are: - - -- FailJob: indicates that the pod's job is marked as Failed and all - running pods are terminated. -- FailIndex: indicates that the pod's index is marked as Failed and will - not be restarted. - This value is alpha-level. It can be used when the - `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default). -- Ignore: indicates that the counter towards the .backoffLimit is not - incremented and a replacement pod is created. -- Count: indicates that the pod is handled in the default way - the - counter towards the .backoffLimit is incremented. -Additional values are considered to be added in the future. Clients should -react to an unknown action by skipping the rule.
+ Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
true
onExitCodesfieldRef object - Represents the requirement on the container exit codes.
+ Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
false
onPodConditions[]objectmodeinteger + Optional: mode bits used to set permissions on this file, must be an octal value +between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
resourceFieldRefobject - Represents the requirement on the pod conditions. The requirement is represented -as a list of pod condition patterns. The requirement is satisfied if at -least one pattern matches an actual pod condition. At most 20 elements are allowed.
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy.rules[index].onExitCodes -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecpodfailurepolicyrulesindex) +### Cluster.spec.manifests[index].projected.sources[index].downwardAPI.items[index].fieldRef +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) -Represents the requirement on the container exit codes. +Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. @@ -27405,56 +37745,30 @@ Represents the requirement on the container exit codes. - + - - - - - - +
operatorfieldPath string - Represents the relationship between the container exit code(s) and the -specified values. Containers completed with success (exit code 0) are -excluded from the requirement check. Possible values are: - - -- In: the requirement is satisfied if at least one container exit code - (might be multiple if there are multiple containers not restricted - by the 'containerName' field) is in the set of specified values. -- NotIn: the requirement is satisfied if at least one container exit code - (might be multiple if there are multiple containers not restricted - by the 'containerName' field) is not in the set of specified values. -Additional values are considered to be added in the future. Clients should -react to an unknown operator by assuming the requirement is not satisfied.
-
true
values[]integer - Specifies the set of values. Each returned container exit code (might be -multiple in case of multiple containers) is checked against this set of -values with respect to the operator. The list of values must be ordered -and must not contain duplicates. Value '0' cannot be used for the In operator. -At least one element is required. At most 255 elements are allowed.
+ Path of the field to select in the specified API version.
true
containerNameapiVersion string - Restricts the check for exit codes to the container with the -specified name. When null, the rule applies to all containers. -When specified, it should match one the container or initContainer -names in the pod template.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.podFailurePolicy.rules[index].onPodConditions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecpodfailurepolicyrulesindex) +### Cluster.spec.manifests[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) -PodFailurePolicyOnPodConditionsPattern describes a pattern for matching -an actual pod condition type. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. @@ -27466,34 +37780,36 @@ an actual pod condition type. - + - + - + + + + + +
statusresource string - Specifies the required Pod condition status. To match a pod condition -it is required that the specified status equals the pod condition status. -Defaults to True.
+ Required: resource to select
true
typecontainerName string - Specifies the required Pod condition type. To match a pod condition -it is required that specified type equals the pod condition type.
+ Container name: required for volumes, optional for env vars
truefalse
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.selector -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespec) +### Cluster.spec.manifests[index].projected.sources[index].secret +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) -A label query over pods that should match the pod count. -Normally, the system sets this field for you. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors +secret information about the secret data to project @@ -27505,32 +37821,44 @@ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/lab - + - - + + + + + + +
matchExpressionsitems []object - matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items if unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
false
matchLabelsmap[string]stringnamestring - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels -map is equivalent to an element of matchExpressions, whose key field is "key", the -operator is "In", and the values array contains only "value". The requirements are ANDed.
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
+
false
optionalboolean + optional field specify whether the Secret or its key must be defined
false
-### RemoteMachine.spec.provisionJob.jobSpecTemplate.spec.selector.matchExpressions[index] -[↩ Parent](#remotemachinespecprovisionjobjobspectemplatespecselector) +### Cluster.spec.manifests[index].projected.sources[index].secret.items[index] +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexsecret) -A label selector requirement is a selector that contains values, a key, and an operator that -relates the key and values. +Maps a string key to a path within a volume. @@ -27545,38 +37873,43 @@ relates the key and values. - + - - + +
key string - key is the label key that the selector applies to.
+ key is the key to project.
true
operatorpath string - operator represents a key's relationship to a set of values. -Valid operators are In, NotIn, Exists and DoesNotExist.
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
true
values[]stringmodeinteger - values is an array of string values. If the operator is In or NotIn, -the values array must be non-empty. If the operator is Exists or DoesNotExist, -the values array must be empty. This array is replaced during a strategic -merge patch.
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### RemoteMachine.spec.sshKeyRef -[↩ Parent](#remotemachinespec) +### Cluster.spec.manifests[index].projected.sources[index].serviceAccountToken +[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) -SSHKeyRef is a reference to a secret that contains the SSH private key. -The key must be placed on the secret using the key "value". +serviceAccountToken is information about the serviceAccountToken data to project @@ -27588,22 +37921,47 @@ The key must be placed on the secret using the key "value". - + + + + + + + + + + +
namepath string - Name is the name of the secret.
+ path is the path relative to the mount point of the file to project the +token into.
true
audiencestring + audience is the intended audience of the token. A recipient of a token +must identify itself with an identifier specified in the audience of the +token, and otherwise should reject the token. The audience defaults to the +identifier of the apiserver.
+
false
expirationSecondsinteger + expirationSeconds is the requested duration of validity of the service +account token. As the token approaches expiration, the kubelet volume +plugin will proactively rotate the service account token. The kubelet will +start trying to rotate the token if the token is older than 80 percent of +its time to live or if the token is older than 24 hours.Defaults to 1 hour +and must be at least 10 minutes.
+
+ Format: int64
+
false
-### RemoteMachine.status -[↩ Parent](#remotemachine) +### Cluster.spec.manifests[index].quobyte +[↩ Parent](#clusterspecmanifestsindex) -RemoteMachineStatus defines the observed state of RemoteMachine +quobyte represents a Quobyte mount on the host that shares a pod's lifetime @@ -27615,38 +37973,64 @@ RemoteMachineStatus defines the observed state of RemoteMachine - + - + - + + + + + + - + + + + + + + + + + +
failureMessageregistry string -
+ registry represents a single or multiple Quobyte Registry services +specified as a string as host:port pair (multiple entries are separated with commas) +which acts as the central registry for volumes
falsetrue
failureReasonvolume string -
+ volume is a string that references an already created Quobyte volume by name.
+
true
groupstring + group to map volume access to +Default is no group
false
readyreadOnly boolean - Ready denotes that the remote machine is ready to be used.
+ readOnly here will force the Quobyte volume to be mounted with read-only permissions. +Defaults to false.
+
false
tenantstring + tenant owning the given Quobyte volume in the Backend +Used with dynamically provisioned Quobyte volumes, value is set by the plugin
+
false
userstring + user to map volume access to +Defaults to serivceaccount user
false
-## RemoteMachineTemplate -[↩ Parent](#infrastructureclusterx-k8siov1beta1 ) - - - +### Cluster.spec.manifests[index].rbd +[↩ Parent](#clusterspecmanifestsindex) +rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. +More info: https://examples.k8s.io/volumes/rbd/README.md @@ -27658,39 +38042,91 @@ RemoteMachineStatus defines the observed state of RemoteMachine - - - - - - - - - - - - - - - - + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
apiVersionstringinfrastructure.cluster.x-k8s.io/v1beta1true
kindstringRemoteMachineTemplatetrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.trueimagestring + image is the rados image name. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
true
specmonitors[]string + monitors is a collection of Ceph monitors. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
true
fsTypestring + fsType is the filesystem type of the volume that you want to mount. +Tip: Ensure that the filesystem type is supported by the host operating system. +Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. +More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd +TODO: how do we prevent errors in the filesystem from compromising the machine
+
false
keyringstring + keyring is the path to key ring for RBDUser. +Default is /etc/ceph/keyring. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
poolstring + pool is the rados pool name. +Default is rbd. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
readOnlyboolean + readOnly here will force the ReadOnly setting in VolumeMounts. +Defaults to false. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
secretRef object -
+ secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
+
false
userstring + user is the rados user name. +Default is admin. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false
-### RemoteMachineTemplate.spec -[↩ Parent](#remotemachinetemplate) - +### Cluster.spec.manifests[index].rbd.secretRef +[↩ Parent](#clusterspecmanifestsindexrbd) +secretRef is name of the authentication secret for RBDUser. If provided +overrides keyring. +Default is nil. +More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it @@ -27702,22 +38138,24 @@ RemoteMachineStatus defines the observed state of RemoteMachine - - + + - +
templateobjectnamestring -
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
-### RemoteMachineTemplate.spec.template -[↩ Parent](#remotemachinetemplatespec) - +### Cluster.spec.manifests[index].scaleIO +[↩ Parent](#clusterspecmanifestsindex) +scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. @@ -27729,84 +38167,93 @@ RemoteMachineStatus defines the observed state of RemoteMachine - + + + + + + + + + + + + + + + + - - + + - -
metadatagatewaystring + gateway is the host address of the ScaleIO API Gateway.
+
true
secretRef object -
+ secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail.
+
true
systemstring + system is the name of the storage system as configured in ScaleIO.
+
true
fsTypestring + fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". +Default is "xfs".
false
specobjectprotectionDomainstring -
+ protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.
false
- - -### RemoteMachineTemplate.spec.template.metadata -[↩ Parent](#remotemachinetemplatespectemplate) - - - - - - - - - - - - - - - - - + + + - - + + - - + + - + - +
NameTypeDescriptionRequired
annotationsmap[string]string
readOnlyboolean -
+ readOnly Defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
finalizers[]stringsslEnabledboolean -
+ sslEnabled Flag enable/disable SSL communication with Gateway, default false
false
labelsmap[string]stringstorageModestring -
+ storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. +Default is ThinProvisioned.
false
namestoragePool string -
+ storagePool is the ScaleIO Storage Pool associated with the protection domain.
false
namespacevolumeName string -
+ volumeName is the name of a volume already created in the ScaleIO system +that is associated with this volume source.
false
-### RemoteMachineTemplate.spec.template.spec -[↩ Parent](#remotemachinetemplatespectemplate) - +### Cluster.spec.manifests[index].scaleIO.secretRef +[↩ Parent](#clusterspecmanifestsindexscaleio) +secretRef references to the secret for ScaleIO user and other +sensitive information. If this is not provided, Login operation will fail. @@ -27818,35 +38265,88 @@ RemoteMachineStatus defines the observed state of RemoteMachine - + - +
poolname string -
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
truefalse
-# k0smotron.io/v1beta1 - -Resource Types: - -- [Cluster](#cluster) - -- [JoinTokenRequest](#jointokenrequest) +### Cluster.spec.manifests[index].secret +[↩ Parent](#clusterspecmanifestsindex) -## Cluster -[↩ Parent](#k0smotroniov1beta1 ) +secret represents a secret that should populate this volume. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
defaultModeinteger + defaultMode is Optional: mode bits used to set permissions on created files by default. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values +for mode bits. Defaults to 0644. +Directories within the path are not affected by this setting. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
+
false
items[]object + items If unspecified, each key-value pair in the Data field of the referenced +Secret will be projected into the volume as a file whose name is the +key and content is the value. If specified, the listed keys will be +projected into the specified paths, and unlisted keys will not be +present. If a key is specified which is not present in the Secret, +the volume setup will error unless it is marked optional. Paths must be +relative and may not contain the '..' path or start with '..'.
+
false
optionalboolean + optional field specify whether the Secret or its keys must be defined
+
false
secretNamestring + secretName is the name of the secret in the pod's namespace to use. +More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
+
false
+### Cluster.spec.manifests[index].secret.items[index] +[↩ Parent](#clusterspecmanifestsindexsecret) -Cluster is the Schema for the k0smotronclusters API +Maps a string key to a path within a volume. @@ -27858,48 +38358,46 @@ Cluster is the Schema for the k0smotronclusters API - - - - - - - - - - - - - - - - + + + + - - + + - + - - + +
apiVersionstringk0smotron.io/v1beta1true
kindstringClustertrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.truekeystring + key is the key to project.
+
true
specobjectpathstring - ClusterSpec defines the desired state of K0smotronCluster
-
- Default: map[service:map[type:NodePort]]
+ path is the relative path of the file to map the key to. +May not be an absolute path. +May not contain the path element '..'. +May not start with the string '..'.
falsetrue
statusobjectmodeinteger - ClusterStatus defines the observed state of K0smotronCluster
+ mode is Optional: mode bits used to set permissions on this file. +Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. +If not specified, the volume defaultMode will be used. +This might be in conflict with other options that affect the file +mode, like fsGroup, and the result can be other mode bits set.
+
+ Format: int32
false
-### Cluster.spec -[↩ Parent](#cluster) +### Cluster.spec.manifests[index].storageos +[↩ Parent](#clusterspecmanifestsindex) -ClusterSpec defines the desired state of K0smotronCluster +storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. @@ -27911,150 +38409,61 @@ ClusterSpec defines the desired state of K0smotronCluster - - - - - - - - - - - - - - - - + - - + + - + - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
certificateRefs[]object - CertificateRefs defines the certificate references.
-
false
controllerPlaneFlags[]string - ControlPlaneFlags allows to configure additional flags for k0s -control plane and to override existing ones. The default flags are -kept unless they are overriden explicitly. Flags with arguments must -be specified as a single string, e.g. --some-flag=argument
-
false
etcdobject - Etcd defines the etcd configuration.
-
- Default: map[image:quay.io/k0sproject/etcd:v3.5.13 persistence:map[]]
-
false
externalAddressfsType string - ExternalAddress defines k0s external address. See https://docs.k0sproject.io/stable/configuration/#specapi -Will be detected automatically for service type LoadBalancer.
+ fsType is the filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
imagestringreadOnlyboolean - Image defines the k0s image to be deployed. If empty k0smotron -will pick it automatically. Must not include the image tag.
-
- Default: k0sproject/k0s
+ readOnly defaults to false (read/write). ReadOnly here will force +the ReadOnly setting in VolumeMounts.
false
k0sConfigsecretRef object - k0sConfig defines the k0s configuration. Note, that some fields will be overwritten by k0smotron. -If empty, will be used default configuration. @see https://docs.k0sproject.io/stable/configuration/
-
false
kineDataSourceSecretNamestring - KineDataSourceSecretName defines the name of kine datasource URL secret. -KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup -and one of them must be set if replicas > 1.
+ secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted.
false
kineDataSourceURLvolumeName string - KineDataSourceURL defines the kine datasource URL. -KineDataSourceURL or KineDataSourceSecretName are required for HA controlplane setup -and one of them must be set if replicas > 1.
-
false
manifests[]object - Manifests allows to specify list of volumes with manifests to be -deployed in the cluster. The volumes will be mounted -in /var/lib/k0s/manifests/, for this reason each -manifest is a stack. K0smotron allows any kind of volume, but the -recommendation is to use secrets and configmaps. -For more information check: -https://docs.k0sproject.io/stable/manifests/ and -https://kubernetes.io/docs/concepts/storage/volumes
-
false
monitoringobject - Monitoring defines the monitoring configuration.
-
false
persistenceobject - Persistence defines the persistence configuration. If empty k0smotron -will use emptyDir as a volume.
-
false
replicasinteger - Replicas is the desired number of replicas of the k0s control planes. -If unspecified, defaults to 1. If the value is above 1, k0smotron requires kine datasource URL to be set. -Recommended value is 3.
-
- Format: int32
- Default: 1
-
false
resourcesobject - Resources describes the compute resource requirements for the control plane pods.
-
false
serviceobject - Service defines the service configuration.
-
- Default: map[apiPort:30443 konnectivityPort:30132 type:ClusterIP]
+ volumeName is the human-readable name of the StorageOS volume. Volume +names are only unique within a namespace.
false
versionvolumeNamespace string - Version defines the k0s version to be deployed. If empty k0smotron -will pick it automatically.
+ volumeNamespace specifies the scope of the volume within StorageOS. If no +namespace is specified then the Pod's namespace will be used. This allows the +Kubernetes name scoping to be mirrored within StorageOS for tighter integration. +Set VolumeName to any name to override the default behaviour. +Set to "default" if you are not using namespaces within StorageOS. +Namespaces that do not pre-exist within StorageOS will be created.
false
-### Cluster.spec.certificateRefs[index] -[↩ Parent](#clusterspec) - +### Cluster.spec.manifests[index].storageos.secretRef +[↩ Parent](#clusterspecmanifestsindexstorageos) +secretRef specifies the secret to use for obtaining the StorageOS API +credentials. If not specified, default values will be attempted. @@ -28066,31 +38475,24 @@ will pick it automatically.
- - - - -
typeenum -
-
- Enum: ca, sa, proxy, etcd, apiserver-etcd-client, etcd-peer, etcd-server
-
true
name string -
+ Name of the referent. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names +TODO: Add other useful fields. apiVersion, kind, uid?
false
-### Cluster.spec.etcd -[↩ Parent](#clusterspec) +### Cluster.spec.manifests[index].vsphereVolume +[↩ Parent](#clusterspecmanifestsindex) -Etcd defines the etcd configuration. +vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine @@ -28102,38 +38504,45 @@ Etcd defines the etcd configuration. - + - - + + - - + + + + + + +
imagevolumePath string - Image defines the etcd image to be deployed.
-
- Default: quay.io/k0sproject/etcd:v3.5.13
+ volumePath is the path that identifies vSphere volume vmdk
true
args[]stringfsTypestring - Args defines the etcd arguments.
+ fsType is filesystem type to mount. +Must be a filesystem type supported by the host operating system. +Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
false
persistenceobjectstoragePolicyIDstring - Persistence defines the persistence configuration.
+ storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.
+
false
storagePolicyNamestring + storagePolicyName is the storage Policy Based Management (SPBM) profile name.
false
-### Cluster.spec.etcd.persistence -[↩ Parent](#clusterspecetcd) +### Cluster.spec.monitoring +[↩ Parent](#clusterspec) -Persistence defines the persistence configuration. +Monitoring defines the monitoring configuration. @@ -28145,31 +38554,41 @@ Persistence defines the persistence configuration. - - + + + + + + + - + - + - +
sizeint or stringenabledboolean - Size defines the size of the etcd volume. Default: 1Gi
+ Enabled enables prometheus sidecar that scrapes metrics from the child cluster system components and expose +them as usual kubernetes pod metrics.
+
true
prometheusImagestring + PrometheusImage defines the image used for the prometheus sidecar.

- Default: 1Gi
+ Default: quay.io/k0sproject/prometheus:v2.44.0
falsetrue
storageClassproxyImage string - StorageClass defines the storage class to be used for etcd persistence. If empty, will be used the default storage class.
+ ProxyImage defines the image used for the nginx proxy sidecar.
+
+ Default: nginx:1.19.10
falsetrue
-### Cluster.spec.manifests[index] +### Cluster.spec.mounts[index] [↩ Parent](#clusterspec) -Volume represents a named volume in a pod that may be accessed by any container in the pod. + @@ -28181,16 +38600,14 @@ Volume represents a named volume in a pod that may be accessed by any container - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +
namepath string - name of the volume. -Must be a DNS_LABEL and unique within the pod. -More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
true
awsElasticBlockStoreawsElasticBlockStore object awsElasticBlockStore represents an AWS Disk resource that is attached to a @@ -28199,28 +38616,28 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst false
azureDiskazureDisk object azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.
false
azureFileazureFile object azureFile represents an Azure File Service mount on the host and bind mount to the pod.
false
cephfscephfs object cephFS represents a Ceph FS mount on the host that shares a pod's lifetime
false
cindercinder object cinder represents a cinder volume attached and mounted on kubelets host machine. @@ -28228,28 +38645,28 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false
configMapconfigMap object configMap represents a configMap that should populate this volume
false
csicsi object csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature).
false
downwardAPIdownwardAPI object downwardAPI represents downward API about the pod that should populate this volume
false
emptyDiremptyDir object emptyDir represents a temporary directory that shares a pod's lifetime. @@ -28257,7 +38674,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
false
ephemeralephemeral object ephemeral represents a volume that is handled by a cluster storage driver. @@ -28291,14 +38708,14 @@ persistent volumes at the same time.
false
fcfc object fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.
false
flexVolumeflexVolume object flexVolume represents a generic volume resource that is @@ -28306,14 +38723,14 @@ provisioned/attached using an exec based plugin.
false
flockerflocker object flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running
false
gcePersistentDiskgcePersistentDisk object gcePersistentDisk represents a GCE Disk resource that is attached to a @@ -28322,7 +38739,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk false
gitRepogitRepo object gitRepo represents a git repository at a particular revision. @@ -28332,7 +38749,7 @@ into the Pod's container.
false
glusterfsglusterfs object glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. @@ -28340,7 +38757,7 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md
false
hostPathhostPath object hostPath represents a pre-existing file or directory on the host @@ -28354,7 +38771,7 @@ mount host directories as read/write.
false
iscsiiscsi object iscsi represents an ISCSI Disk resource that is attached to a @@ -28363,7 +38780,7 @@ More info: https://examples.k8s.io/volumes/iscsi/README.md
false
nfsnfs object nfs represents an NFS mount on the host that shares a pod's lifetime @@ -28371,7 +38788,7 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
false
persistentVolumeClaimpersistentVolumeClaim object persistentVolumeClaimVolumeSource represents a reference to a @@ -28380,35 +38797,35 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persis false
photonPersistentDiskphotonPersistentDisk object photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine
false
portworxVolumeportworxVolume object portworxVolume represents a portworx volume attached and mounted on kubelets host machine
false
projectedprojected object projected items for all in one resources secrets, configmaps, and downward API
false
quobytequobyte object quobyte represents a Quobyte mount on the host that shares a pod's lifetime
false
rbdrbd object rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. @@ -28416,14 +38833,14 @@ More info: https://examples.k8s.io/volumes/rbd/README.md
false
scaleIOscaleIO object scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes.
false
secretsecret object secret represents a secret that should populate this volume. @@ -28431,14 +38848,14 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
false
storageosstorageos object storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes.
false
vsphereVolumevsphereVolume object vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine
@@ -28448,8 +38865,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-### Cluster.spec.manifests[index].awsElasticBlockStore -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].awsElasticBlockStore +[↩ Parent](#clusterspecmountsindex) @@ -28509,8 +38926,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockst -### Cluster.spec.manifests[index].azureDisk -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].azureDisk +[↩ Parent](#clusterspecmountsindex) @@ -28574,8 +38991,8 @@ the ReadOnly setting in VolumeMounts.
-### Cluster.spec.manifests[index].azureFile -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].azureFile +[↩ Parent](#clusterspecmountsindex) @@ -28616,8 +39033,8 @@ the ReadOnly setting in VolumeMounts.
-### Cluster.spec.manifests[index].cephfs -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].cephfs +[↩ Parent](#clusterspecmountsindex) @@ -28665,7 +39082,7 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
false - secretRef + secretRef object secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. @@ -28684,8 +39101,8 @@ More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it
-### Cluster.spec.manifests[index].cephfs.secretRef -[↩ Parent](#clusterspecmanifestsindexcephfs) +### Cluster.spec.mounts[index].cephfs.secretRef +[↩ Parent](#clusterspecmountsindexcephfs) @@ -28714,8 +39131,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].cinder -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].cinder +[↩ Parent](#clusterspecmountsindex) @@ -28759,7 +39176,7 @@ More info: https://examples.k8s.io/mysql-cinder-pd/README.md
false - secretRef + secretRef object secretRef is optional: points to a secret object containing parameters used to connect @@ -28770,8 +39187,8 @@ to OpenStack.
-### Cluster.spec.manifests[index].cinder.secretRef -[↩ Parent](#clusterspecmanifestsindexcinder) +### Cluster.spec.mounts[index].cinder.secretRef +[↩ Parent](#clusterspecmountsindexcinder) @@ -28800,8 +39217,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].configMap -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].configMap +[↩ Parent](#clusterspecmountsindex) @@ -28832,7 +39249,7 @@ mode, like fsGroup, and the result can be other mode bits set.
false - items + items []object items if unspecified, each key-value pair in the Data field of the referenced @@ -28864,8 +39281,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].configMap.items[index] -[↩ Parent](#clusterspecmanifestsindexconfigmap) +### Cluster.spec.mounts[index].configMap.items[index] +[↩ Parent](#clusterspecmountsindexconfigmap) @@ -28915,8 +39332,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].csi -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].csi +[↩ Parent](#clusterspecmountsindex) @@ -28949,7 +39366,7 @@ which will determine the default filesystem to apply.
false - nodePublishSecretRef + nodePublishSecretRef object nodePublishSecretRef is a reference to the secret object containing @@ -28979,8 +39396,8 @@ driver. Consult your driver's documentation for supported values.
-### Cluster.spec.manifests[index].csi.nodePublishSecretRef -[↩ Parent](#clusterspecmanifestsindexcsi) +### Cluster.spec.mounts[index].csi.nodePublishSecretRef +[↩ Parent](#clusterspecmountsindexcsi) @@ -29012,8 +39429,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].downwardAPI -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].downwardAPI +[↩ Parent](#clusterspecmountsindex) @@ -29045,7 +39462,7 @@ mode, like fsGroup, and the result can be other mode bits set.
false - items + items []object Items is a list of downward API volume file
@@ -29055,8 +39472,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].downwardAPI.items[index] -[↩ Parent](#clusterspecmanifestsindexdownwardapi) +### Cluster.spec.mounts[index].downwardAPI.items[index] +[↩ Parent](#clusterspecmountsindexdownwardapi) @@ -29079,7 +39496,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p true - fieldRef + fieldRef object Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
@@ -29100,7 +39517,7 @@ mode, like fsGroup, and the result can be other mode bits set.
false - resourceFieldRef + resourceFieldRef object Selects a resource of the container: only resources limits and requests @@ -29111,8 +39528,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].downwardAPI.items[index].fieldRef -[↩ Parent](#clusterspecmanifestsindexdownwardapiitemsindex) +### Cluster.spec.mounts[index].downwardAPI.items[index].fieldRef +[↩ Parent](#clusterspecmountsindexdownwardapiitemsindex) @@ -29145,8 +39562,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -### Cluster.spec.manifests[index].downwardAPI.items[index].resourceFieldRef -[↩ Parent](#clusterspecmanifestsindexdownwardapiitemsindex) +### Cluster.spec.mounts[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#clusterspecmountsindexdownwardapiitemsindex) @@ -29187,8 +39604,8 @@ Selects a resource of the container: only resources limits and requests -### Cluster.spec.manifests[index].emptyDir -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].emptyDir +[↩ Parent](#clusterspecmountsindex) @@ -29230,8 +39647,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir
-### Cluster.spec.manifests[index].ephemeral -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].ephemeral +[↩ Parent](#clusterspecmountsindex) @@ -29274,7 +39691,7 @@ persistent volumes at the same time. - volumeClaimTemplate + volumeClaimTemplate object Will be used to create a stand-alone PVC to provision the volume. @@ -29307,8 +39724,8 @@ Required, must not be nil.
-### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate -[↩ Parent](#clusterspecmanifestsindexephemeral) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate +[↩ Parent](#clusterspecmountsindexephemeral) @@ -29347,7 +39764,7 @@ Required, must not be nil. - spec + spec object The specification for the PersistentVolumeClaim. The entire content is @@ -29357,7 +39774,7 @@ are also valid here.
true - metadata + metadata object May contain labels and annotations that will be copied into the PVC @@ -29369,8 +39786,8 @@ validation.
-### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplate) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.spec +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplate) @@ -29397,7 +39814,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access false - dataSource + dataSource object dataSource field can be used to specify either: @@ -29411,7 +39828,7 @@ If the namespace is specified, then dataSourceRef will not be copied to dataSour false - dataSourceRef + dataSourceRef object dataSourceRef specifies the object from which to populate the volume with data, if a non-empty @@ -29440,7 +39857,7 @@ There are three important differences between dataSource and dataSourceRef: false - resources + resources object resources represents the minimum resources the volume should have. @@ -29451,7 +39868,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour false - selector + selector object selector is a label query over volumes to consider for binding.
@@ -29484,8 +39901,8 @@ Value of Filesystem is implied when not included in claim spec.
-### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSource -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.dataSource +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplatespec) @@ -29534,8 +39951,8 @@ For any other third-party types, APIGroup is required.
-### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.dataSourceRef +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplatespec) @@ -29608,8 +40025,8 @@ Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGr -### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.resources +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplatespec) @@ -29629,7 +40046,7 @@ More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resour - claims + claims []object Claims lists the names of resources, defined in spec.resourceClaims, @@ -29665,8 +40082,8 @@ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-co -### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespecresources) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.resources.claims[index] +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplatespecresources) @@ -29694,8 +40111,8 @@ inside a container.
-### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespec) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.selector +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplatespec) @@ -29711,7 +40128,7 @@ selector is a label query over volumes to consider for binding. - matchExpressions + matchExpressions []object matchExpressions is a list of label selector requirements. The requirements are ANDed.
@@ -29730,8 +40147,8 @@ operator is "In", and the values array contains only "value". The requirements a -### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplatespecselector) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.spec.selector.matchExpressions[index] +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplatespecselector) @@ -29776,8 +40193,8 @@ merge patch.
-### Cluster.spec.manifests[index].ephemeral.volumeClaimTemplate.metadata -[↩ Parent](#clusterspecmanifestsindexephemeralvolumeclaimtemplate) +### Cluster.spec.mounts[index].ephemeral.volumeClaimTemplate.metadata +[↩ Parent](#clusterspecmountsindexephemeralvolumeclaimtemplate) @@ -29833,8 +40250,8 @@ validation. -### Cluster.spec.manifests[index].fc -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].fc +[↩ Parent](#clusterspecmountsindex) @@ -29895,8 +40312,8 @@ Either wwids or combination of targetWWNs and lun must be set, but not both simu -### Cluster.spec.manifests[index].flexVolume -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].flexVolume +[↩ Parent](#clusterspecmountsindex) @@ -29944,7 +40361,7 @@ the ReadOnly setting in VolumeMounts.
false - secretRef + secretRef object secretRef is Optional: secretRef is reference to the secret object containing @@ -29958,8 +40375,8 @@ scripts.
-### Cluster.spec.manifests[index].flexVolume.secretRef -[↩ Parent](#clusterspecmanifestsindexflexvolume) +### Cluster.spec.mounts[index].flexVolume.secretRef +[↩ Parent](#clusterspecmountsindexflexvolume) @@ -29991,8 +40408,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].flocker -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].flocker +[↩ Parent](#clusterspecmountsindex) @@ -30026,8 +40443,8 @@ should be considered as deprecated
-### Cluster.spec.manifests[index].gcePersistentDisk -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].gcePersistentDisk +[↩ Parent](#clusterspecmountsindex) @@ -30089,8 +40506,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk -### Cluster.spec.manifests[index].gitRepo -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].gitRepo +[↩ Parent](#clusterspecmountsindex) @@ -30136,8 +40553,8 @@ the subdirectory with the given name.
-### Cluster.spec.manifests[index].glusterfs -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].glusterfs +[↩ Parent](#clusterspecmountsindex) @@ -30182,8 +40599,8 @@ More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod
-### Cluster.spec.manifests[index].hostPath -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].hostPath +[↩ Parent](#clusterspecmountsindex) @@ -30227,8 +40644,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath
-### Cluster.spec.manifests[index].iscsi -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].iscsi +[↩ Parent](#clusterspecmountsindex) @@ -30328,7 +40745,7 @@ Defaults to false.
false - secretRef + secretRef object secretRef is the CHAP Secret for iSCSI target and initiator authentication
@@ -30338,8 +40755,8 @@ Defaults to false.
-### Cluster.spec.manifests[index].iscsi.secretRef -[↩ Parent](#clusterspecmanifestsindexiscsi) +### Cluster.spec.mounts[index].iscsi.secretRef +[↩ Parent](#clusterspecmountsindexiscsi) @@ -30367,8 +40784,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].nfs -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].nfs +[↩ Parent](#clusterspecmountsindex) @@ -30413,8 +40830,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs
-### Cluster.spec.manifests[index].persistentVolumeClaim -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].persistentVolumeClaim +[↩ Parent](#clusterspecmountsindex) @@ -30451,8 +40868,8 @@ Default false.
-### Cluster.spec.manifests[index].photonPersistentDisk -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].photonPersistentDisk +[↩ Parent](#clusterspecmountsindex) @@ -30487,8 +40904,8 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-### Cluster.spec.manifests[index].portworxVolume -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].portworxVolume +[↩ Parent](#clusterspecmountsindex) @@ -30531,8 +40948,8 @@ the ReadOnly setting in VolumeMounts.
-### Cluster.spec.manifests[index].projected -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].projected +[↩ Parent](#clusterspecmountsindex) @@ -30562,7 +40979,7 @@ mode, like fsGroup, and the result can be other mode bits set.
false - sources + sources []object sources is the list of volume projections
@@ -30572,8 +40989,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].projected.sources[index] -[↩ Parent](#clusterspecmanifestsindexprojected) +### Cluster.spec.mounts[index].projected.sources[index] +[↩ Parent](#clusterspecmountsindexprojected) @@ -30589,28 +41006,28 @@ Projection that may be projected along with other supported volume types - configMap + configMap object configMap information about the configMap data to project
false - downwardAPI + downwardAPI object downwardAPI information about the downwardAPI data to project
false - secret + secret object secret information about the secret data to project
false - serviceAccountToken + serviceAccountToken object serviceAccountToken is information about the serviceAccountToken data to project
@@ -30620,8 +41037,8 @@ Projection that may be projected along with other supported volume types -### Cluster.spec.manifests[index].projected.sources[index].configMap -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) +### Cluster.spec.mounts[index].projected.sources[index].configMap +[↩ Parent](#clusterspecmountsindexprojectedsourcesindex) @@ -30637,7 +41054,7 @@ configMap information about the configMap data to project - items + items []object items if unspecified, each key-value pair in the Data field of the referenced @@ -30669,8 +41086,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].projected.sources[index].configMap.items[index] -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexconfigmap) +### Cluster.spec.mounts[index].projected.sources[index].configMap.items[index] +[↩ Parent](#clusterspecmountsindexprojectedsourcesindexconfigmap) @@ -30720,8 +41137,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].projected.sources[index].downwardAPI -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) +### Cluster.spec.mounts[index].projected.sources[index].downwardAPI +[↩ Parent](#clusterspecmountsindexprojectedsourcesindex) @@ -30737,7 +41154,7 @@ downwardAPI information about the downwardAPI data to project - items + items []object Items is a list of DownwardAPIVolume file
@@ -30747,8 +41164,8 @@ downwardAPI information about the downwardAPI data to project -### Cluster.spec.manifests[index].projected.sources[index].downwardAPI.items[index] -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexdownwardapi) +### Cluster.spec.mounts[index].projected.sources[index].downwardAPI.items[index] +[↩ Parent](#clusterspecmountsindexprojectedsourcesindexdownwardapi) @@ -30771,7 +41188,7 @@ DownwardAPIVolumeFile represents information to create the file containing the p true - fieldRef + fieldRef object Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
@@ -30792,7 +41209,7 @@ mode, like fsGroup, and the result can be other mode bits set.
false - resourceFieldRef + resourceFieldRef object Selects a resource of the container: only resources limits and requests @@ -30803,8 +41220,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].projected.sources[index].downwardAPI.items[index].fieldRef -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) +### Cluster.spec.mounts[index].projected.sources[index].downwardAPI.items[index].fieldRef +[↩ Parent](#clusterspecmountsindexprojectedsourcesindexdownwardapiitemsindex) @@ -30837,8 +41254,8 @@ Required: Selects a field of the pod: only annotations, labels, name and namespa -### Cluster.spec.manifests[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexdownwardapiitemsindex) +### Cluster.spec.mounts[index].projected.sources[index].downwardAPI.items[index].resourceFieldRef +[↩ Parent](#clusterspecmountsindexprojectedsourcesindexdownwardapiitemsindex) @@ -30879,8 +41296,8 @@ Selects a resource of the container: only resources limits and requests -### Cluster.spec.manifests[index].projected.sources[index].secret -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) +### Cluster.spec.mounts[index].projected.sources[index].secret +[↩ Parent](#clusterspecmountsindexprojectedsourcesindex) @@ -30896,7 +41313,7 @@ secret information about the secret data to project - items + items []object items if unspecified, each key-value pair in the Data field of the referenced @@ -30928,8 +41345,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].projected.sources[index].secret.items[index] -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindexsecret) +### Cluster.spec.mounts[index].projected.sources[index].secret.items[index] +[↩ Parent](#clusterspecmountsindexprojectedsourcesindexsecret) @@ -30979,8 +41396,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].projected.sources[index].serviceAccountToken -[↩ Parent](#clusterspecmanifestsindexprojectedsourcesindex) +### Cluster.spec.mounts[index].projected.sources[index].serviceAccountToken +[↩ Parent](#clusterspecmountsindexprojectedsourcesindex) @@ -31031,8 +41448,8 @@ and must be at least 10 minutes.
-### Cluster.spec.manifests[index].quobyte -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].quobyte +[↩ Parent](#clusterspecmountsindex) @@ -31099,8 +41516,8 @@ Defaults to serivceaccount user
-### Cluster.spec.manifests[index].rbd -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].rbd +[↩ Parent](#clusterspecmountsindex) @@ -31171,7 +41588,7 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
false - secretRef + secretRef object secretRef is name of the authentication secret for RBDUser. If provided @@ -31193,8 +41610,8 @@ More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it
-### Cluster.spec.manifests[index].rbd.secretRef -[↩ Parent](#clusterspecmanifestsindexrbd) +### Cluster.spec.mounts[index].rbd.secretRef +[↩ Parent](#clusterspecmountsindexrbd) @@ -31225,8 +41642,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].scaleIO -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].scaleIO +[↩ Parent](#clusterspecmountsindex) @@ -31249,7 +41666,7 @@ scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernete true - secretRef + secretRef object secretRef references to the secret for ScaleIO user and other @@ -31322,8 +41739,8 @@ that is associated with this volume source.
-### Cluster.spec.manifests[index].scaleIO.secretRef -[↩ Parent](#clusterspecmanifestsindexscaleio) +### Cluster.spec.mounts[index].scaleIO.secretRef +[↩ Parent](#clusterspecmountsindexscaleio) @@ -31352,8 +41769,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].secret -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].secret +[↩ Parent](#clusterspecmountsindex) @@ -31385,7 +41802,7 @@ mode, like fsGroup, and the result can be other mode bits set.
false - items + items []object items If unspecified, each key-value pair in the Data field of the referenced @@ -31416,8 +41833,8 @@ More info: https://kubernetes.io/docs/concepts/storage/volumes#secret
-### Cluster.spec.manifests[index].secret.items[index] -[↩ Parent](#clusterspecmanifestsindexsecret) +### Cluster.spec.mounts[index].secret.items[index] +[↩ Parent](#clusterspecmountsindexsecret) @@ -31467,8 +41884,8 @@ mode, like fsGroup, and the result can be other mode bits set.
-### Cluster.spec.manifests[index].storageos -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].storageos +[↩ Parent](#clusterspecmountsindex) @@ -31501,7 +41918,7 @@ the ReadOnly setting in VolumeMounts.
false - secretRef + secretRef object secretRef specifies the secret to use for obtaining the StorageOS API @@ -31532,8 +41949,8 @@ Namespaces that do not pre-exist within StorageOS will be created.
-### Cluster.spec.manifests[index].storageos.secretRef -[↩ Parent](#clusterspecmanifestsindexstorageos) +### Cluster.spec.mounts[index].storageos.secretRef +[↩ Parent](#clusterspecmountsindexstorageos) @@ -31562,8 +41979,8 @@ TODO: Add other useful fields. apiVersion, kind, uid?
-### Cluster.spec.manifests[index].vsphereVolume -[↩ Parent](#clusterspecmanifestsindex) +### Cluster.spec.mounts[index].vsphereVolume +[↩ Parent](#clusterspecmountsindex) @@ -31612,52 +42029,6 @@ Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified.
-### Cluster.spec.monitoring -[↩ Parent](#clusterspec) - - - -Monitoring defines the monitoring configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDescriptionRequired
enabledboolean - Enabled enables prometheus sidecar that scrapes metrics from the child cluster system components and expose -them as usual kubernetes pod metrics.
-
true
prometheusImagestring - PrometheusImage defines the image used for the prometheus sidecar.
-
- Default: quay.io/k0sproject/prometheus:v2.44.0
-
true
proxyImagestring - ProxyImage defines the image used for the nginx proxy sidecar.
-
- Default: nginx:1.19.10
-
true
- - ### Cluster.spec.persistence [↩ Parent](#clusterspec) diff --git a/internal/controller/k0smotron.io/k0smotroncluster_statefulset.go b/internal/controller/k0smotron.io/k0smotroncluster_statefulset.go index 197731606..d0a31b4ce 100644 --- a/internal/controller/k0smotron.io/k0smotroncluster_statefulset.go +++ b/internal/controller/k0smotron.io/k0smotroncluster_statefulset.go @@ -20,6 +20,7 @@ import ( "context" "fmt" "reflect" + "strings" km "github.com/k0sproject/k0smotron/api/k0smotron.io/v1beta1" "github.com/k0sproject/k0smotron/internal/controller/util" @@ -239,6 +240,17 @@ func (r *ClusterReconciler) generateStatefulSet(kmc *km.Cluster) (apps.StatefulS }) } + for _, file := range kmc.Spec.Mounts { + volumeName := strings.Replace(file.Path[1:], "/", "-", -1) + statefulSet.Spec.Template.Spec.Volumes = append(statefulSet.Spec.Template.Spec.Volumes, v1.Volume{Name: volumeName, VolumeSource: file.VolumeSource}) + + statefulSet.Spec.Template.Spec.Containers[0].VolumeMounts = append(statefulSet.Spec.Template.Spec.Containers[0].VolumeMounts, v1.VolumeMount{ + Name: volumeName, + MountPath: file.Path, + ReadOnly: true, + }) + } + // Create k0s telemetry config in the configmap and mount it to the controller pod // If user disables k0s telemetry this will have not effect. cm := &v1.ConfigMap{ diff --git a/inttest/basic/basic_test.go b/inttest/basic/basic_test.go index 896f9f9b9..38ab2dc53 100644 --- a/inttest/basic/basic_test.go +++ b/inttest/basic/basic_test.go @@ -24,6 +24,7 @@ import ( "github.com/k0sproject/k0s/inttest/common" km "github.com/k0sproject/k0smotron/api/k0smotron.io/v1beta1" + "github.com/k0sproject/k0smotron/internal/exec" "github.com/k0sproject/k0smotron/inttest/util" "github.com/stretchr/testify/suite" 
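Review bot: In the new `kmc.Spec.Mounts` loop of `generateStatefulSet`, `file.Path[1:]` is sliced without any check, so a mount with an empty `path` panics the reconciler with a slice-bounds error, and a path containing `.`, `_` or upper-case characters (or one longer than 63 characters) produces a volume name that is not a valid DNS label. Two different paths can also map to the same name (`/a/b` and `/a-b`), and nothing in the hunk keeps the derived name apart from volumes appended earlier in the function. Deriving the name from the index avoids all three: `for i, file := range kmc.Spec.Mounts {` with `volumeName := fmt.Sprintf("mount-%d", i)` (which makes the new `strings` import unnecessary), plus a check that `file.Path` is a non-empty absolute path before it is used as `MountPath`. `file.VolumeSource` is also copied verbatim, so `hostPath` and other node-level sources reach the control-plane pod; if Cluster authors are not meant to have node access on the management cluster, restricting the accepted source types in validation is worth considering. The function body starts and ends outside this hunk.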
@@ -124,6 +125,11 @@ func (s *BasicSuite) TestK0sGetsUp() {
 cm, err := kmcKC.CoreV1().ConfigMaps("kube-system").Get(s.Context(), "k0s-telemetry", metav1.GetOptions{})
 s.Require().NoError(err, "k0s-telemetry CM not found. Manifest not appllied?")
 s.Require().Equal("k0smotron", cm.Data["provider"])
+
+ s.T().Log("Verifying files are mounted")
+ output, err := exec.PodExecCmdOutput(context.TODO(), kc, rc, "kmc-kmc-test-0", "kmc-test", "ls /tmp/test")
+ s.Require().NoError(err, "/tmp/test dir not found. Mount not mounted?")
+ s.Require().Contains(output, "manifest.yaml")
 }
 
 func TestBasicSuite(t *testing.T) {
@@ -245,6 +251,12 @@ metadata:
 "configMap": { "name": "manifest-cm" }
 }
 ],
+ "mounts": [
+ {
+ "path": "/tmp/test",
+ "configMap": { "name": "manifest-cm" }
+ }
+ ],
 "resources": {
 "requests": {
 "cpu": "100m",
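Review bot: The mount check added to `TestK0sGetsUp` calls `exec.PodExecCmdOutput` with `context.TODO()` while the ConfigMap lookup just above it uses `s.Context()`, so the exec is presumably not bound to the suite's context and would not be cancelled with it; `output, err := exec.PodExecCmdOutput(s.Context(), kc, rc, "kmc-kmc-test-0", "kmc-test", "ls /tmp/test")` keeps the two calls consistent. The test covers only a well-formed path; a case with an empty or relative `path` in the `mounts` fixture would show how the controller handles a value it cannot turn into a volume name. The rest of the test function lies outside the hunk.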